[dns-operations] Recently closed open resolver and reflection attacks

WBrown at e1b.org WBrown at e1b.org
Wed Mar 6 17:36:21 UTC 2013

I mistakenly wrote on 03/06/2013 11:36:20 AM:

> Given that no properly configured server should be querying this 
> name server for isc.org, 

I meant to describe it as an authoritative server. Duh.  I'm having one of 
those days....

Sorry for the confusion.

So to rephrase the question... 

Is there any reason why recursive queries to an authoritative server that 
would normally get a REFUSED reply shouldn't be dropped instead of getting 
an answer?

Maybe now that I've had lunch the brain will work better.

Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.

More information about the dns-operations mailing list