[dns-operations] ultradns managed services
Rodney Joffe
rjoffe at centergate.com
Sun May 21 21:23:26 UTC 2006
Hi Rick,
On May 21, 2006, at 12:44 PM, Rick Wesson wrote:
>
> would a bgp feed of /32 addresses of known open resolvers have
> helped anyone out of this situation?
>
So that you (and other good and clueful folk) don't spin your wheels
unnecessarily chasing solutions to non-existent occurrences, I would
caution that the vast majority of the "facts" cited in the referenced
article are false (and known to be so by *all* of those networks
involved in dealing with the actual incident).
>
> i want to understand if/how such a feed via bgp would benifit the
> community.
>
As an answer to this second sentence, which you now know is entirely
unrelated to the first, in general this would be useful as an
indicator of recursive servers that might be abused at some stage and
used in an open recursive server amplification attack.
Nothing more.
If the list is used unilaterally as a list of "open" recursive
servers in order to block queries from them without a real
understanding of the true nature of the packets (which are *not*
queries, in fact, but are answers), and without an awareness of the
significant number of "edge" cases, and if the list is used without
any carefully planned strategy, perhaps to apply leverage, the
network using the list is likely to cause an impact on its users with
unexpected results.
"This action should only be undertaken by trained professionals" ;-).
Regards
/rlj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20060521/cec091da/attachment.sig>
More information about the dns-operations
mailing list