[dns-operations] Botnets, botnets everywhere
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Sep 11 13:45:40 UTC 2014
On Thu, Sep 11, 2014 at 09:00:37PM +0800,
Roland Dobbins <rdobbins at arbor.net> wrote
a message of 29 lines which said:
> FYI, most of these queries seem to be reflected through abusable CPE
> devices which are misconfigured by default as open recursors or DNS
> forwarders. It may be worth considering investigating, and if this
> proves to be the case, blacklisting those netblocks and contacting
> the operator(s) in question
Many open resolvers do not forward directly but send to a big resolver
such as Google Public DNS (which you cannot obviously blacklist). The
authoritative name servers therefore do not see directly the open
resolver.
Source: "Open Resolvers in COM/NET Resolution" by Duane Wessels at
OARC 2014
<https://indico.dns-oarc.net/conferenceTimeTable.py?confId=19#20140511>
More information about the dns-operations
mailing list