nanog mailing list archives

Re: DNS DoS ???

From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Fri, 29 Jul 2011 22:39:46 +0000

On Jul 30, 2011, at 1:51 AM, Elliot Finley wrote:

my DNS servers were getting slow so I blocked recursive queries for all but my own network.


This should be the standard practice.  By operating an open recursor, you lend your DNS server to abuse as a 
contributor to DNS reflection/amplification attacks.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

                The basis of optimism is sheer terror.

                          -- Oscar Wilde

Current thread:

DNS DoS ??? Elliot Finley (Jul 29)
- Re: DNS DoS ??? Stefan Fouant (Jul 29)
- Re: DNS DoS ??? Thomas York (Jul 29)
- RE: DNS DoS ??? Drew Weaver (Jul 29)
  - RE: DNS DoS ??? Blake T. Pfankuch (Jul 29)
- Re: DNS DoS ??? Dobbins, Roland (Jul 29)
  - RE: DNS DoS ??? Drew Weaver (Jul 30)
    - RE: DNS DoS ??? Jon Lewis (Jul 30)
    - RE: DNS DoS ??? Alex Nderitu (Jul 30)
    - Re: DNS DoS ??? John Adams (Jul 30)
    - Re: DNS DoS ??? Mike Sabbota (Jul 30)
    - Re: DNS DoS ??? Jimmy Hess (Jul 30)
    - Re: DNS DoS ??? Dobbins, Roland (Jul 30)
    - Re: DNS DoS ??? Jimmy Hess (Jul 30)
    - Re: DNS DoS ??? Dobbins, Roland (Jul 30)
    - Re: DNS DoS ??? Mark Andrews (Jul 31)

(Thread continues...)