[dns-operations] DNS Amplification Attacks
james at now.ie
Wed Mar 22 00:24:04 UTC 2006
On 21 Mar 2006, at 18:43, Christian Bering wrote:
> How about DNS looking glasses that would allow queries to local (to
> the looking glass server) DNS servers using only a web interface?
> Conceptually more or less exactly the same as the looking glasses
> used for BGP queries offer.
Speaking personally, I can't ever see me offering a web form that
lets anybody submit a recursive query to my resolver. I don't know
what they'll ask it to query (an attacker's specially crafted
nameserver perhaps) and I don't know what it'll cache (and so return
to the next guy to use the l.g.).
I could make it so l.g. queries can't set the rd bit, but then what's
the use of it?
Times flies like an arrow. Fruit flies like bananas.
More information about the dns-operations