nanog mailing list archives

RE: DNS DoS ???

From: "Frank Bulk" <frnkblk () iname com>
Date: Sat, 30 Jul 2011 20:09:18 -0500

More good stuff here: http://www.team-cymru.org/Services/Resolvers/

Frank

-----Original Message-----
From: Dobbins, Roland [mailto:rdobbins () arbor net] 
Sent: Friday, July 29, 2011 5:40 PM
To: NANOG list
Subject: Re: DNS DoS ???

On Jul 30, 2011, at 1:51 AM, Elliot Finley wrote:

my DNS servers were getting slow so I blocked recursive queries for all

but my own network.

This should be the standard practice.  By operating an open recursor, you
lend your DNS server to abuse as a contributor to DNS
reflection/amplification attacks.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

                The basis of optimism is sheer terror.

                          -- Oscar Wilde

Current thread:

Re: DNS DoS ???, (continued)
- - - Re: DNS DoS ??? John Adams (Jul 30)
    - Re: DNS DoS ??? Mike Sabbota (Jul 30)
    - Re: DNS DoS ??? Jimmy Hess (Jul 30)
    - Re: DNS DoS ??? Dobbins, Roland (Jul 30)
    - Re: DNS DoS ??? Jimmy Hess (Jul 30)
    - Re: DNS DoS ??? Dobbins, Roland (Jul 30)
    - Re: DNS DoS ??? Mark Andrews (Jul 31)
    - Re: DNS DoS ??? Dobbins, Roland (Jul 31)
    - Re: DNS DoS ??? Mark Andrews (Jul 31)
    - Re: DNS DoS ??? Dobbins, Roland (Jul 31)
  - RE: DNS DoS ??? Frank Bulk (Jul 30)