[dns-operations] DNS Amplification Attacks

James Raftery james at now.ie
Wed Mar 22 00:24:04 UTC 2006


On 21 Mar 2006, at 18:43, Christian Bering wrote:
>
> How about DNS looking glasses that would allow queries to local (to  
> the looking glass server) DNS servers using only a web interface?  
> Conceptually more or less exactly the same as the looking glasses  
> used for BGP queries offer.

Speaking personally, I can't ever see me offering a web form that  
lets anybody submit a recursive query to my resolver. I don't know  
what they'll ask it to query (an attacker's specially crafted  
nameserver perhaps) and I don't know what it'll cache (and so return  
to the next guy to use the l.g.).

I could make it so l.g. queries can't set the rd bit, but then what's  
the use of it?


ATB,
james
-- 
Times flies like an arrow. Fruit flies like bananas.
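
What "can't set the rd bit" means on the wire, as an added example that is not part of the original message: a looking-glass front end builds the query itself from validated form input and forces the RD flag (0x0100 in the header flags word, RFC 1035) to zero, so the resolver answers only from data it already holds. The function names and the allowed type list are hypothetical.

```python
import struct

RD_MASK = 0x0100  # "recursion desired" bit in the DNS header flags word
QR_MASK = 0x8000  # set on responses, clear on queries
# Query types this hypothetical looking glass accepts from the web form.
QTYPES = {"A": 1, "NS": 2, "SOA": 6, "MX": 15, "TXT": 16, "AAAA": 28}


def encode_name(name):
    """Encode a hostname as DNS labels, rejecting malformed form input."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")  # non-ASCII input raises ValueError
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    if len(out) + 1 > 255:
        raise ValueError("name longer than 255 bytes")
    return out + b"\x00"


def build_query(name, qtype, qid, rd=False):
    """Build a one-question query; RD stays clear unless explicitly requested."""
    if qtype not in QTYPES:
        raise ValueError("query type not allowed")
    flags = RD_MASK if rd else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def clear_rd(packet):
    """Return the query with RD forced to zero, whatever the sender set."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    qid, flags = struct.unpack("!HH", packet[:4])
    if flags & QR_MASK:
        raise ValueError("not a query")
    return struct.pack("!HH", qid, flags & ~RD_MASK) + packet[4:]


def rd_is_set(packet):
    """Report whether the RD flag is set in a wire-format message."""
    return bool(struct.unpack("!H", packet[2:4])[0] & RD_MASK)
```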




