[dns-operations] OARC's Open DNSSEC Validating Resolver project

Duane Wessels wessels at dns-oarc.net
Tue Nov 4 22:03:31 UTC 2008


OARC is pleased to offer open DNSSEC-validating resolvers that
anyone can use to experiment with DNSSEC.  There are currently three
different resolvers:

    149.20.64.20 (running BIND 9)
    149.20.64.21 (running Unbound)
    149.20.64.22 (IANA-testbed, running BIND 9)

You can find further information at
https://www.dns-oarc.net/oarc/services/odvr

Many of you might be surprised to hear that OARC is intentionally
operating an open resolver.  We feel that the potential benefits
outweigh the potential problems and have taken steps to minimize
abuse.  First, queries to the resolvers are rate-limited (currently
1 Kbit/s per /24).  Second, we are logging all queries and responses
with full packet capture.  If the service is abused, we will have
a good record of it (which will be interesting by itself) and will
allow us to take additional measures or re-think the decision to
have an open resolver.

Duane W.



More information about the dns-operations mailing list