[dns-operations] ultradns managed services

Rodney Joffe rjoffe at centergate.com
Sun May 21 21:23:26 UTC 2006


Hi Rick,

On May 21, 2006, at 12:44 PM, Rick Wesson wrote:

>
> Would a BGP feed of /32 addresses of known open resolvers have  
> helped anyone out of this situation?
>

So that you (and other good and clueful folk) don't spin your wheels  
unnecessarily chasing solutions to non-existent occurrences, I would  
caution that the vast majority of the "facts" cited in the referenced  
article are false (and known to be so by *all* of those networks  
involved in dealing with the actual incident).

>
> I want to understand if/how such a feed via BGP would benefit the  
> community.
>

As an answer to this second sentence, which you now know is entirely  
unrelated to the first, in general this would be useful as an  
indicator of recursive servers that might be abused at some stage and  
used in an open recursive server amplification attack.

Nothing more.

If the list is used unilaterally as a list of "open" recursive  
servers in order to block queries from them without a real  
understanding of the true nature of the packets (which are *not*  
queries, in fact, but are answers), and without an awareness of the  
significant number of "edge" cases, and if the list is used without  
any carefully planned strategy, perhaps to apply leverage, the  
network using the list is likely to cause an impact on its users with  
unexpected results.

	"This action should only be undertaken by trained professionals" ;-).

Regards

/rlj
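
The message's point that the packets arriving from listed resolvers are answers rather than queries can be checked on captured traffic. The following is an added example, not part of the original message: it reads the QR bit of the DNS header and separates answers a local host asked for from answers nobody asked for. The feed contents, addresses and outstanding-query table are constructed assumptions.

```python
import struct
from collections import Counter
QR_BIT = 0x8000  # top bit of the flags word: 0 = query, 1 = response

def dns_header(payload):
    """Return (txid, is_response) from the fixed 12-byte DNS header."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & QR_BIT)

def classify(packets, listed, outstanding):
    """Tally inbound UDP/53 datagrams (src, dst, payload) sourced from listed IPs.
    outstanding holds (resolver_ip, client_ip, txid) for queries local hosts sent."""
    tally = Counter()
    for src, dst, payload in packets:
        if src not in listed:
            continue
        try:
            txid, is_response = dns_header(payload)
        except ValueError:
            tally["malformed"] += 1
            continue
        if not is_response:
            tally["query"] += 1
        elif (src, dst, txid) in outstanding:
            tally["solicited_answer"] += 1    # a local host asked this resolver
        else:
            tally["unsolicited_answer"] += 1  # nobody here asked for it
    return tally

def make(txid, response):
    """Build a constructed DNS message carrying a question for example.com A/IN."""
    flags = 0x8180 if response else 0x0100
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + question

# Constructed sample data (documentation address ranges); the feed is hypothetical.
LISTED = {"192.0.2.53", "198.51.100.53"}
OUTSTANDING = {("192.0.2.53", "203.0.113.10", 0x1A2B)}
SAMPLE = [
    ("192.0.2.53", "203.0.113.10", make(0x1A2B, True)),     # answer to a local query
    ("192.0.2.53", "203.0.113.80", make(0x9999, True)),     # answer with no matching query
    ("198.51.100.53", "203.0.113.80", make(0x0001, True)),  # answer with no matching query
    ("198.51.100.53", "203.0.113.80", make(0x0002, False)), # listed host sending a query
    ("192.0.2.99", "203.0.113.80", make(0x0003, True)),     # source not on the list
    ("198.51.100.53", "203.0.113.80", b"\x00\x01"),         # too short to be DNS
]
print(dict(classify(SAMPLE, LISTED, OUTSTANDING)))
```

On this sample, a blanket source-address block of the listed resolvers would also drop the one solicited answer, which is the kind of user impact the message warns about.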