[dns-operations] blocking recursers

Randy Bush randy at psg.com
Sat Mar 25 23:52:27 UTC 2006

> check the RA bits?
>> btw, how does one cheaply test if a server is open enough to
>> provide a channel for attack?

to be clear, do you mean
  o issue a query for which the server might have an
    authoritative answer
  o see if that answer has the ra bit turned on?

does all software know not to turn the ra bit on when the
query comes from a source address which is not in its list
of addresses for which it will do recursion?

Q: Because it reverses the logical flow of conversation.
A: Why is top posting frowned upon?

More information about the dns-operations mailing list