[dns-operations] DNS Amplification Attacks
CB at nianet.dk
Tue Mar 21 18:43:09 UTC 2006
>>I just don't understand why you are so against shutting down open
>>recursors, I see that we need to do two things:
>I can offer one suggested explanation: open recursors are an
>excellent troubleshooting tool when DNS data appears to be broken
>when off one's own network, but not on it (in my experience, the
>recursor being used to test is usually broken in some way).
>Perhaps we can find an alternative that won't/can't be abused, but
>for the moment it looks like we'll have to live without this view of
>how other parts of the 'net see our data.
How about DNS looking glasses that would allow queries to local (to the looking glass server) DNS servers using only a web interface? Conceptually more or less exactly the same as the looking glasses used for BGP queries offer.
More information about the dns-operations