[dns-operations] Amplification attack today ?

Peter Dambier peter at peter-dambier.de
Mon Mar 5 11:58:24 UTC 2007


Lutz Donnerhacke wrote:
> * Michael Monnerie wrote:
> 
>>That's what I mean. It has to be transported over media into the admins
>>ears and brains, that you will be blacklisted if your DNS setup is crap.

> 
> I you consider blocking root servers or BGP on blacklists, I must stronly
> oppose. Otherwise you will build a "Internet for Joe User" and the real
> bussiness hat to switch to a different infrastructure (i.e. alternative root
> servers), because they can't fight the militant "anti-" fighters.

That has happened already.

At the pirates party and especialy at ARL (A)ssociation des (R)acines (L)ibres
we are testing an /etc/named.conf that works without rootservers. We need no
root-servers.net and no alternatives.

named.conf looks something like

...

zone "de" {
type stub;
file "stub/de";
masters { 193.0.7.3; 194.246.96.1; 208.48.81.43; 194.246.96.1; 81.91.164.5 };
};

zone "pirates" {
type stub;
file "stub/pirates";
masters { 88.198.56.107; 205.189.71.34; };
};

zone "ewe" {
type stub;
file "stub/ewe";
masters { 71.132.98.41; 64.62.206.88; 64.62.206.91; };
};

...

The file can be send monthly on cdrom or
weekly via email.


Kind regards
Peter and Karin Dambier


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/




More information about the dns-operations mailing list