[dns-operations] If I were the suspicious type.... (was:DNSAmplification Attacks)

caleb.dods at bell.ca caleb.dods at bell.ca
Thu Mar 23 14:23:38 UTC 2006

Paul Vixie wrote:

>we (dave rand, my cofounder at MAPS, and i) are STILL fighting with
>to close down outbound tcp/25 from their dynamic address pools.
>an unbelievable amount of pushback, from well meaning but ignorant
>libertarians mostly.  it's a similar story to open recursion -- i don't
>like to see this kind of change, but the status quo has become even

I think the parallel to spam is perfect. "Getting rid" of open relays &
Blocking port 25 have been have had the two biggest impacts in making
spam manageable. It effectively creates "choke point" on the MTA where
spam ingoing and outgoing can be caught.

"Getting rid" of open recursers and blocking port 53 should have a very
similar effect. 


More information about the dns-operations mailing list