[dns-operations] blocking recursers
Randy Bush
randy at psg.com
Sat Mar 25 23:52:27 UTC 2006
> check the RA bits?
>> btw, how does one cheaply test if a server is open enough to
>> provide a channel for attack?
to be clear, do you mean
  o issue a query for which the server might have an
    authoritative answer
  o see if that answer has the ra bit turned on?

does all software know not to turn the ra bit on when the
query comes from a source address which is not in its list
of addresses for which it will do recursion?
randy
---
Q: Because it reverses the logical flow of conversation.
A: Why is top posting frowned upon?
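
An added example, not part of the message above: a self-audit check that reads the RA bit from a reply but does not rely on it alone, since the message asks whether RA can be set even for sources the server will not recurse for. It assumes the probe is sent with RD=1 from outside the recursion ACL for a name the server is not authoritative for; the verdict names and sample replies are constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits (RFC 1035)
NOERROR, NXDOMAIN, REFUSED = 0, 3, 5

def build_query(name, qid=0x1234):
    """A/IN query with RD=1 for `name`."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!6H", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "ancount": an}

def classify(reply, qid=0x1234):
    """Verdict for the reply to an RD=1 probe sent from outside the server's
    recursion ACL, for a name the server is not authoritative for."""
    h = parse_header(reply)
    if not h["qr"] or h["id"] != qid:
        return "not-a-reply"
    got_data = (h["rcode"] == NOERROR and h["ancount"] > 0) or h["rcode"] == NXDOMAIN
    if got_data and not h["aa"]:
        return "open"                 # non-authoritative data handed to an outsider
    if h["ra"]:                       # RA advertised, but no recursion observed
        return "ra-set-refused" if h["rcode"] == REFUSED else "ra-set-unconfirmed"
    return "closed"

def sample_reply(flags, ancount=0, qid=0x1234):
    """Constructed reply: header plus echoed question, answer records omitted."""
    question = build_query("example.com", qid)[12:]
    return struct.pack("!6H", qid, QR | RD | flags, 1, ancount, 0, 0) + question

# Constructed replies covering the cases the RA-bit question distinguishes.
SAMPLES = {
    "resolved, RA set":   sample_reply(RA | NOERROR, ancount=1),
    "refused, RA set":    sample_reply(RA | REFUSED),
    "refused, RA clear":  sample_reply(REFUSED),
    "referral, RA clear": sample_reply(NOERROR),
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(f"{label:20s} -> {classify(reply)}")
```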