[dns-operations] Force TCP for external queries to Open Resolvers?

Xun Fan xunfan at isi.edu
Mon Apr 1 19:03:21 UTC 2013


Hi Stephane, thanks for setting up the TCP open resolver, I just tried, it
works great!

I think for researchers, DNS looking glasses + TCP-only open resolvers
would be enough.
The TC=1 hack I proposed is just a workaround for normal off-net users.


On Mon, Apr 1, 2013 at 8:07 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> On Sun, Mar 31, 2013 at 12:54:23PM -0400,
>  Paul Wouters <paul at nohats.ca> wrote
>  a message of 34 lines which said:
>
> > Not true. unbound allows you to only accept clients using TCP.
>
> Ah, thanks, I should read the documentation more closely.
>
> OK, I've set up an open resolver (best effort only) with this
> configuration at 95.142.170.138 / 2001:4b98:dc0:47:216:3eff:fe1b:4672.
> Does anyone see a security issue with such TCP-only open resolvers?
>
> Xun Fan, do you think such TCP-only open resolvers, alone, or together
> with DNS looking glasses <http://www.bortzmeyer.org/dns-lg.html> could
> be sufficient for researchers?
>
>
>
>
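
The TC=1 workaround mentioned in the message above, as an added sketch that is not part of the original thread or of any resolver's code: a UDP query gets only a truncated, answer-free reply, which standard clients retry over TCP, and that reply is never larger than the query. Function names and the sample query are constructed for illustration.

```python
import struct

QR, TC, RD = 0x8000, 0x0200, 0x0100   # DNS header flag bits (RFC 1035)
OPCODE_MASK = 0x7800

def question_end(msg: bytes) -> int:
    """Offset just past the first question (QNAME, QTYPE, QCLASS)."""
    pos = 12
    while pos < len(msg) and msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("compression pointer in a query name")
        pos += 1 + msg[pos]
    if pos + 5 > len(msg):             # root label + QTYPE + QCLASS
        raise ValueError("truncated question")
    return pos + 5

def tc_reply(query: bytes) -> bytes:
    """TC=1 answer to a UDP query: header plus echoed question, no records."""
    if len(query) < 12:
        raise ValueError("short header")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    end = question_end(query)
    out_flags = QR | TC | (flags & (OPCODE_MASK | RD))
    header = struct.pack("!HHHHHH", qid, out_flags, 1, 0, 0, 0)
    return header + query[12:end]      # EDNS OPT and any other records dropped

def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(msg)) + msg

def build_query(name: str, qtype: int, qid: int, edns: bool = True) -> bytes:
    """Constructed sample input: recursive query, optionally with EDNS0 OPT."""
    qname = b"".join(bytes([len(lab)]) + lab.encode()
                     for lab in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 1 if edns else 0)
    msg += qname + struct.pack("!HH", qtype, 1)
    if edns:   # root name, TYPE=OPT (41), UDP size 4096, TTL 0, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)
    return msg

if __name__ == "__main__":
    q = build_query("example.org", 255, 0x1234)   # constructed ANY query
    r = tc_reply(q)
    print(f"query {len(q)} bytes -> TC=1 reply {len(r)} bytes: {r.hex()}")
    print("same query framed for the TCP retry:", tcp_frame(q).hex())
```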