[dns-operations] DNS Amplification Attacks

James Raftery james at now.ie
Wed Mar 22 00:24:04 UTC 2006

On 21 Mar 2006, at 18:43, Christian Bering wrote:
> How about DNS looking glasses that would allow queries to local (to  
> the looking glass server) DNS servers using only a web interface?  
> Conceptually more or less exactly the same as the looking glasses  
> used for BGP queries offer.

Speaking personally, I can't ever see me offering a web form that  
lets anybody submit a recursive query to my resolver. I don't know  
what they'll ask it to query (an attacker's specially crafted  
nameserver perhaps) and I don't know what it'll cache (and so return  
to the next guy to use the l.g.).

I could make it so l.g. queries can't set the rd bit, but then what's  
the use of it?

Times flies like an arrow. Fruit flies like bananas.

More information about the dns-operations mailing list