[dns-operations] Amplification attack today ?

Peter Dambier peter at peter-dambier.de
Mon Mar 5 11:58:24 UTC 2007

Lutz Donnerhacke wrote:
> * Michael Monnerie wrote:
>>That's what I mean. It has to be transported over media into the admins
>>ears and brains, that you will be blacklisted if your DNS setup is crap.

> I you consider blocking root servers or BGP on blacklists, I must stronly
> oppose. Otherwise you will build a "Internet for Joe User" and the real
> bussiness hat to switch to a different infrastructure (i.e. alternative root
> servers), because they can't fight the militant "anti-" fighters.

That has happened already.

At the pirates party and especialy at ARL (A)ssociation des (R)acines (L)ibres
we are testing an /etc/named.conf that works without rootservers. We need no
root-servers.net and no alternatives.

named.conf looks something like


zone "de" {
type stub;
file "stub/de";
masters {;;;; };

zone "pirates" {
type stub;
file "stub/pirates";
masters {;; };

zone "ewe" {
type stub;
file "stub/ewe";
masters {;;; };


The file can be send monthly on cdrom or
weekly via email.

Kind regards
Peter and Karin Dambier

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com

More information about the dns-operations mailing list