[dns-operations] DNS Amplification Attacks
Matt Pounsett
matt.pounsett at cira.ca
Tue Mar 21 15:37:41 UTC 2006
On 21-Mar-2006, at 10:14 , Ondřej Surý wrote:
> I just don't understand why you are so against shutting down open
> recursors, I see that we need to do two things:
I can offer one suggested explanation: open recursors are an
excellent troubleshooting tool when DNS data appears to be broken
when off one's own network, but not on it (in my experience, the
recursor being used to test is usually broken in some way). Perhaps
Geo has other reasons as well, but those of us that use open
recursors to troubleshoot are just going to have to get used to the
fact that they're going away.
Perhaps we can find an alternative that won't/can't be abused, but
for the moment it looks like we'll have to live without this view of
how other parts of the 'net see our data.
Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20060321/0176ad29/attachment-0001.sig>
More information about the dns-operations
mailing list