[dns-operations] DNS Amplification Attacks

Matt Pounsett matt.pounsett at cira.ca
Tue Mar 21 15:37:41 UTC 2006

On 21-Mar-2006, at 10:14 , Ondřej Surý wrote:

> I just don't understand why you are so against shutting down open
> recursors, I see that we need to do two things:

I can offer one suggested explanation: open recursors are an  
excellent troubleshooting tool when DNS data appears to be broken  
when off one's own network, but not on it (in my experience, the  
recursor being used to test is usually broken in some way).  Perhaps  
Geo has other reasons as well, but those of us that use open  
recursors to troubleshoot are just going to have to get used to the  
fact that they're going away.

Perhaps we can find an alternative that won't/can't be abused, but  
for the moment it looks like we'll have to live without this view of  
how other parts of the 'net see our data.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20060321/0176ad29/attachment-0001.sig>

More information about the dns-operations mailing list