[dns-operations] DNS Amplification Attacks
James Raftery
james at now.ie
Wed Mar 22 00:24:04 UTC 2006
On 21 Mar 2006, at 18:43, Christian Bering wrote:
>
> How about DNS looking glasses that would allow queries to local (to
> the looking glass server) DNS servers using only a web interface?
> Conceptually more or less exactly the same as the looking glasses
> used for BGP queries offer.

Speaking personally, I can't ever see me offering a web form that
lets anybody submit a recursive query to my resolver. I don't know
what they'll ask it to query (an attacker's specially crafted
nameserver perhaps) and I don't know what it'll cache (and so return
to the next guy to use the l.g.).

I could make it so l.g. queries can't set the rd bit, but then what's
the use of it?

ATB,
james
--
Times flies like an arrow. Fruit flies like bananas.