[dns-operations] Amplification attack today ?

Florian Weimer fw at deneb.enyo.de
Mon Mar 5 09:30:31 UTC 2007

* Michael Monnerie:

> That's what I mean. It has to be transported over media into the admins 
> ears and brains, that you will be blacklisted if your DNS setup is 
> crap.

Just because your tests show that some server provides recursive
service to you, the setup is not necessarily "crap".  It's harder to
operate a DNS resolver in a responsible way if you provide public
recursive service, but it's not impossible.  Given the choice, I
certainly prefer a well-monitored, maintained open DNS resolver to a
closed authoritative/resolver combination running on autopilot.

More information about the dns-operations mailing list