[dns-operations] ultradns managed services
David Ulevitch
davidu at everydns.net
Wed May 24 17:48:55 UTC 2006
On May 21, 2006, at 12:25 PM, Rick Wesson wrote:
>
> would a bgp feed of /32 addresses of known open resolvers have
> helped anyone out of this situation?
>
> i want to understand if/how such a feed via bgp would benifit the
> community.
Well let's start with who would use it?
Authoritative DNS providers:
We'd be blocking a major portion of the net if we blocked open
recursive nameservers. For people who tie access to their zones with
financial income, that's a hard choice to make. Maybe impossible.
ISPs:
Not sure what they get either -- their users infected with zombie
code are stopped from sending out requests to ORNs? Seems plausible,
but lot of effort for an unclear win.
Site being attacked:
Well, maybe they'd get some value in it as they could block
inbound packets from the feed. Chances our their ISP would have to
be pretty clued to be in on this as it's pretty unlikely they'd do
this on the fly to mitigate an attack. Seems like this group would
benefit the most...
Separately, what might be helpful is a feed of current QNAMEs in an
ongoing attack... Not sure best way of propagating that to every ORN
seeing as how we can't really communicate with them as it is...
-david
More information about the dns-operations
mailing list