[dns-operations] DNS Amplification Attacks

Christian Bering CB at nianet.dk
Tue Mar 21 18:43:09 UTC 2006

>>I just don't understand why you are so against shutting down open
>>recursors, I see that we need to do two things:

>I can offer one suggested explanation: open recursors are an  
>excellent troubleshooting tool when DNS data appears to be broken  
>when off one's own network, but not on it (in my experience, the  
>recursor being used to test is usually broken in some way).

>Perhaps we can find an alternative that won't/can't be abused, but  
>for the moment it looks like we'll have to live without this view of  
>how other parts of the 'net see our data.

How about DNS looking glasses that would allow queries to local (to the looking glass server) DNS servers using only a web interface? Conceptually more or less exactly the same as the looking glasses used for BGP queries offer.

 Christian Bering

More information about the dns-operations mailing list