nanog mailing list archives

Re: What DNS Is Not


From: Stephane Bortzmeyer <bortzmeyer () nic fr>
Date: Tue, 10 Nov 2009 22:34:15 +0900

On Mon, Nov 09, 2009 at 06:15:09PM -0500,
 David Ulevitch <davidu () everydns net> wrote 
 a message of 18 lines which said:

> When the Conficker worm phones home to one of the 50,000 potential
> domain names it computes each day, there are a lot of IT folks out
> there that wish their local resolver would simply reject those DNS
> requests so that infected machines in their network fail to phone
> home.

That's an extremely bad idea: many of the domains generated by the
Conficker algorithm are already registered by a legitimate registrant
(in .FR: the national railways, a national TV, etc).

Also, the example is not a good choice since Conficker now mostly uses
P2P: <http://mtc.sri.com/Conficker/P2P/> for those who like assembly
code and awful technical details.

