[dns-operations] Should medium-sized companies run their own recursive resolver?
Paul Ferguson
fergdawgster at mykolab.com
Wed Oct 16 20:58:31 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/16/2013 1:44 PM, James Cloos wrote:
>>>>>> "PH" == Paul Hoffman<paul.hoffman at vpnc.org> writes:
> PH> Should that company run its own recursive resolver for its
> PH> employees, or should it continue to rely on its ISP?
>
> *Every* site should run its own (preferably verifying) resolver.
I have no problem with that as long as they are not open resolvers -- we
already have somewhere in the neighborhood of 28-30 million of them that
pose a direct threat to the health & wellbeing of the Internet at-large
because they can be used to facilitate DNS amplification attacks.
$.02,
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 2317)
Charset: utf-8
wj8DBQFSXv3jq1pz9mNUZTMRAtqnAKCP+X8u6KY7bM8tcRbE4OqR3vdFSgCfUFsP
lYcnCGhTPGDYZ2Z1atVB6/8=
=VvXW
-----END PGP SIGNATURE-----
--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington USA
IID --> "Connect and Collaborate" --> www.internetidentity.com
More information about the dns-operations
mailing list