[dns-operations] DNS deluge for x.p.ctrc.cc

Ejay Hire ejay.hire at isdn.net
Wed Mar 1 20:02:27 UTC 2006

So, we're back to the same problem we had with open relays.
"I can't or don't know how to close my open relay".  The
solution is to update the software or learn then.  Nobody
gets away with that excuse now for email, and no-one should
get away with it for dns either.


> -----Original Message-----
> From: dns-operations-bounces at lists.oarci.net 
> [mailto:dns-operations-bounces at lists.oarci.net] On Behalf
Of Geo.
> Sent: Wednesday, March 01, 2006 11:20 AM
> To: dns-operations at mail.oarc.isc.org
> Subject: Re: [dns-operations] DNS deluge for x.p.ctrc.cc
> > If the ISP fixes their DNS servers to restrict the Ips
> > which they answer recursive queries, then those fixed
> > servers will ignore the spoofed request because the
> > request appears to come from an IP that hey do not
> Not if they "fix" their dns servers with a firewall rule 
> instead of a dns
> server option. Many dns servers do not have a setting to 
> restrict recursive
> to local subnet only (windows 2000 or Posadis for
> And then you have the folks who run behind NAT believing
> don't need to
> worry about such things. You remember them, they were the 
> ones querying for
> rfc1918 space...
> Geo.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations

More information about the dns-operations mailing list