[dns-operations] Best Practices in DNS security

David Ulevitch davidu at everydns.net
Mon Mar 20 04:30:08 UTC 2006

On Mar 19, 2006, at 10:03 AM, Geo. wrote:

> You need to test an open recursive dns server at so you  
> spoof a
> query to it with a source address of and with the  
> query
> being You then watch your dns server for  
> this query,
> if it shows up you know that network is not BCP38

Bad test.  Me checking glue or actually resolving for qname is not any indication of my BCP38 compliance as  
an operator of said recursive nameserver's network.



More information about the dns-operations mailing list