[dns-operations] Should medium-sized companies run their own recursive resolver?

Jared Mauch jared at puck.nether.net
Wed Oct 16 21:20:03 UTC 2013

> On Oct 16, 2013, at 4:58 PM, Paul Ferguson <fergdawgster at mykolab.com> wrote:
> I have no problem with that as long as they are not open resolvers -- we
> already have somewhere in the neighborhood of 28-30 million of them that
> pose a direct threat to the health & wellbeing of the Internet at-large
> because they can be used to facilitate DNS amplification attacks.

90 percent of these are devices that folks here seem to assert the end-user is capable of managing or upgrading and intelligently operating. (90% is based on the rDNS of the devices matching typical dynamic user range regex, including small businesses that depend on DNS).

That's not the case; they are not well maintained. My ongoing measurements are proof of this. I await the trends to change and show some improvement, but I don't expect it.

