[dns-operations] Why would an MTA issue an ANY query instead of an MX query?

Chris Adams cmadams at hiwaay.net
Tue Jun 12 00:14:14 UTC 2012

Once upon a time, Mark Andrews <marka at isc.org> said:
> If we have Attacker -> CPE -> Auth -> CPE -> Target why isn't the CPE
> returning answers from its cache?

Most of the CPE just run a DNS proxy (e.g. dnsmasq on Linux-based
boxes), not a full cache.  Even if they ran a cache, the attack would
still be CPE->Target (just not going to another server in-between).  It
is easier to find an open CPE being used to attack and shut it down when
it sends every request back out to the ISP's recursive servers.

Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
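
The detection point described in the message above, seen from the ISP's recursive servers, as an added example that is not part of the original post: because a proxy-only CPE forwards every query upstream, an abused open CPE shows up in the resolver's query log as a customer address dominated by ANY queries. The BIND-style log layout, the addresses, the names and the thresholds are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in an assumed BIND-style query-log layout.
# 203.0.113.7 is a hypothetical customer CPE relaying spoofed ANY queries;
# 203.0.113.20 is an ordinary customer. 192.0.2.53 is the ISP resolver.
SAMPLE_LOG = "\n".join(
    [f"12-Jun-2012 00:14:{s:02d}.000 client 203.0.113.7#{4000 + s}: "
     f"query: example.org IN ANY +E (192.0.2.53)" for s in range(6)]
    + ["12-Jun-2012 00:14:07.000 client 203.0.113.7#4100: query: www.example.com IN A + (192.0.2.53)",
       "12-Jun-2012 00:14:08.000 client 203.0.113.20#5000: query: example.net IN MX + (192.0.2.53)",
       "12-Jun-2012 00:14:09.000 client 203.0.113.20#5001: query: example.net IN ANY + (192.0.2.53)",
       "12-Jun-2012 00:14:10.000 client 203.0.113.20#5002: query: mail.example.net IN A + (192.0.2.53)",
       "12-Jun-2012 00:14:11.000 client 203.0.113.20#5003: query: mail.example.net IN AAAA + (192.0.2.53)"]
)

# Matches "client IP#port: query: NAME CLASS TYPE", with an optional
# "(name)" between the port and the colon as some log versions emit.
LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def suspect_cpe(log_text, min_any=5, min_ratio=0.8):
    """Map client IP -> (ANY count, total queries, most-queried ANY name)
    for clients whose traffic is mostly ANY queries."""
    total = Counter()
    any_names = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query line
        ip = m["ip"]
        total[ip] += 1
        if m["qtype"].upper() == "ANY":
            any_names.setdefault(ip, Counter())[m["qname"].lower()] += 1
    flagged = {}
    for ip, names in any_names.items():
        n_any = sum(names.values())
        # Require both volume and dominance so one stray ANY is ignored.
        if n_any >= min_any and n_any / total[ip] >= min_ratio:
            flagged[ip] = (n_any, total[ip], names.most_common(1)[0][0])
    return flagged

if __name__ == "__main__":
    for ip, (n_any, n_total, qname) in suspect_cpe(SAMPLE_LOG).items():
        print(f"{ip}: {n_any}/{n_total} queries are ANY, mostly for {qname}")
```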
