[dns-operations] Amplification attack today ?
Peter Dambier
peter at peter-dambier.de
Mon Mar 5 11:58:24 UTC 2007
Lutz Donnerhacke wrote:
> * Michael Monnerie wrote:
>
>>That's what I mean. It has to be transported over media into the admins
>>ears and brains, that you will be blacklisted if your DNS setup is crap.
>
> I you consider blocking root servers or BGP on blacklists, I must stronly
> oppose. Otherwise you will build a "Internet for Joe User" and the real
> bussiness hat to switch to a different infrastructure (i.e. alternative root
> servers), because they can't fight the militant "anti-" fighters.
That has happened already.
At the pirates party and especialy at ARL (A)ssociation des (R)acines (L)ibres
we are testing an /etc/named.conf that works without rootservers. We need no
root-servers.net and no alternatives.
named.conf looks something like
...
zone "de" {
type stub;
file "stub/de";
masters { 193.0.7.3; 194.246.96.1; 208.48.81.43; 194.246.96.1; 81.91.164.5 };
};
zone "pirates" {
type stub;
file "stub/pirates";
masters { 88.198.56.107; 205.189.71.34; };
};
zone "ewe" {
type stub;
file "stub/ewe";
masters { 71.132.98.41; 64.62.206.88; 64.62.206.91; };
};
...
The file can be send monthly on cdrom or
weekly via email.
Kind regards
Peter and Karin Dambier
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
More information about the dns-operations
mailing list