[dns-operations] Botnets, botnets everywhere

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Sep 11 13:45:40 UTC 2014

On Thu, Sep 11, 2014 at 09:00:37PM +0800,
 Roland Dobbins <rdobbins at arbor.net> wrote 
 a message of 29 lines which said:

> FYI, most of these queries seem to be reflected through abusable CPE
> devices which are misconfigured by default as open recursors or DNS
> forwarders.  It may be worth considering investigating, and if this
> proves to be the case, blacklisting those netblocks and contacting
> the operator(s) in question

Many open resolvers do not forward directly but send to a big resolver
such as Google Public DNS (which you cannot obviously blacklist). The
authoritative name servers therefore do not see directly the open

Source: "Open Resolvers in COM/NET Resolution" by Duane Wessels at
OARC 2014

More information about the dns-operations mailing list