[dns-operations] DNS deluge for x.p.ctrc.cc

Ejay Hire ejay.hire at isdn.net
Wed Mar 1 19:57:46 UTC 2006

I think this is where we have the misunderstanding.
Limiting recursion is a function of the DNS server, not of a

For the record, I don't trust my users anymore than I trust
the internet, and it's still behind a firewall.


> -----Original Message-----
> From: dns-operations-bounces at lists.oarci.net 
> [mailto:dns-operations-bounces at lists.oarci.net] On Behalf
Of Geo.
> Sent: Wednesday, March 01, 2006 1:42 PM
> To: dns-operations at mail.oarc.isc.org
> Subject: Re: [dns-operations] DNS deluge for x.p.ctrc.cc
> > Ejay Hire wrote:
> > > If the ISP fixes their DNS servers to restrict the Ips
> > > which they answer recursive queries, then those fixed
> > > servers will ignore the spoofed request because the
> > > request appears to come from an IP that hey do not
> >
> > I believe Geo actually meant something different. I also
did not
> > understand his meaning at all at first... then he
further explained.
> >
> > As the bots are in the ISP's allowed space, the ISP's
> server will
> > allow recursion to these bots.
> Almost but not quite. If the ISP limits access to the 
> recursive servers via
> a firewall between the internet and the ISP but not
> their customers
> and the dns servers then spoofed requests from local
clients will be
> accepted by the dns servers since they never pass thru the
> Geo.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations

More information about the dns-operations mailing list