nanog mailing list archives

Re: Open Resolver Problems


From: Mark Andrews <marka () isc org>
Date: Tue, 02 Apr 2013 11:53:03 +1100


In message <44ECD7B5-D9A4-408B-A132-29241DE3A867 () ianai net>, "Patrick W. Gilmore" writes:
> On Apr 01, 2013, at 11:55 , "Milt Aitken" <milt () net2atlanta com> wrote:
> 
> > Most of our DSL customers have modem/routers that resolve DNS
> > externally.
> > And most of those have no configuration option to stop it.
> > So, we took the unfortunate step of ACL blocking DNS requests to & from
> > the DSL network unless the requests are to our DNS servers.
> > 
> > Suboptimal, but it stopped the DNS amplification attacks.
> 
> I was going to suggest exactly this.
> 
> Don't most broadband networks have a line in their AUP about running 
> servers? Wouldn't a DNS server count as 'a server'? Then wouldn't running 
> one violate the AUP?
> 
> This gives the provider a hammer to hit the user over the head. Although 
> that is quite unlikely, so the better point is that it also gives the 
> provider cover in case some user complains about the provider filtering.
> 
> You can always make an exception if the user is extremely loud.
> 
> -- 
> TTFN,
> patrick

Actually a lot don't have such a line.  Such lines are tantamount
to extortion, especially if the ISP supplies commercial grade lines.

That said, blocking by default with the option to open it up on
request, the same as smtp is opened on request, might be viable.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org
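
Added example, not part of the thread or any poster's configuration: a small Python model of the access-list policy Milt Aitken describes (drop DNS to and from the DSL pool unless the far end is one of the ISP's own resolvers) combined with the "blocked by default, opened on request" exception Mark Andrews suggests. The prefixes, resolver addresses and sample flows are constructed placeholders from RFC 5737 documentation space, not any provider's real addressing.

```python
"""Model of a 'DNS only to our resolvers' ACL for a DSL customer pool,
with a per-customer opt-out. Example code added to the archive page;
all addresses below are constructed placeholders."""
import ipaddress
from dataclasses import dataclass

# Constructed placeholder prefixes (RFC 5737 documentation space).
DSL_POOL = ipaddress.ip_network("198.51.100.0/24")          # DSL customer pool
ISP_RESOLVERS = {ipaddress.ip_address("192.0.2.53"),         # the ISP's own caches
                 ipaddress.ip_address("192.0.2.54")}
DNS_PORT = 53


@dataclass(frozen=True)
class Flow:
    proto: str   # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int


def is_dns(flow: Flow) -> bool:
    """Treat any UDP/TCP packet with port 53 at either end as DNS."""
    return flow.proto in ("udp", "tcp") and DNS_PORT in (flow.sport, flow.dport)


def acl_verdict(flow: Flow, opened_on_request=frozenset()) -> str:
    """Return "permit" or "deny" for one packet.

    Policy: DNS to or from the DSL pool is dropped unless the non-DSL end
    is one of the ISP's resolvers. A customer address listed in
    opened_on_request (strings) is exempt, modelling the "blocked by
    default, opened on request" option. Packets that are not DNS, or that
    do not touch the DSL pool, pass through untouched.
    """
    exempt = {ipaddress.ip_address(a) for a in opened_on_request}
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    src_dsl, dst_dsl = src in DSL_POOL, dst in DSL_POOL
    if not is_dns(flow) or not (src_dsl or dst_dsl):
        return "permit"
    customer_ends = [a for a, in_pool in ((src, src_dsl), (dst, dst_dsl)) if in_pool]
    if any(a in exempt for a in customer_ends):
        return "permit"
    # Customer-to-customer DNS has no resolver end, so it is denied as well.
    other_end = dst if src_dsl else src
    return "permit" if other_end in ISP_RESOLVERS else "deny"


# Constructed sample traffic, in the order a practitioner would check:
SAMPLE_FLOWS = [
    # 1-2: customer query to the ISP resolver and its reply -> permitted
    Flow("udp", "198.51.100.10", 40001, "192.0.2.53", 53),
    Flow("udp", "192.0.2.53", 53, "198.51.100.10", 40001),
    # 3: query from outside aimed at a customer CPE's open resolver -> dropped
    Flow("udp", "203.0.113.7", 33333, "198.51.100.10", 53),
    # 4: the CPE's (amplified) answer heading back out -> dropped
    Flow("udp", "198.51.100.10", 53, "203.0.113.7", 33333),
    # 5: customer going straight to an outside resolver -> dropped
    Flow("udp", "198.51.100.10", 40002, "203.0.113.9", 53),
    # 6: web traffic from the same customer -> unaffected
    Flow("tcp", "198.51.100.10", 40003, "203.0.113.9", 443),
]


def summarize(flows, opened_on_request=frozenset()):
    """Verdict per flow, in input order."""
    return [acl_verdict(f, opened_on_request) for f in flows]


if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, summarize(SAMPLE_FLOWS)):
        print(f"{verdict:6s} {flow.proto} {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}")
    print("with 198.51.100.10 opened on request:",
          summarize(SAMPLE_FLOWS, frozenset({"198.51.100.10"})))
```

Flows 3 and 4 are the two halves of the amplification path: the inbound rule keeps queries from reaching a customer's open CPE resolver, and the outbound rule keeps any answer it does generate from leaving the pool. Passing the customer's address in `opened_on_request` lifts both, which is the SMTP-style exception Mark describes.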

