[dns-operations] blocking recursers
Randy Bush
randy at psg.com
Thu Mar 23 16:48:48 UTC 2006
>> if i had a record of the recursive servers used to reflect an attack
>> at my servers, would i be justified in blocking every-day queries
>> from them until they tested recursion-free?
>
> I suggest to explain first. Until now, it seems ordinary people (not
> OARC members, not ISC employees, not CENTR meetings attendants) had
> very little exposure to the Good Practice of shutting down ORNs.
one aspect is a lack of supporting documentation in the rfcs. in
fact, the reverse is the case, open recursion is acceptable in the
standards. so what is my ethical/legal exposure if i deny service
to someone who seems to not be violating the standards?
> Advice to everyone on the list, including myself: educate, spread
> the news, teach, inform DNS administrators.
seems to me we also need to get the standards changed/augmented.
randy