nanog mailing list archives

Re: Open Resolver Problems


From: John Kristoff <jtk () cymru com>
Date: Tue, 2 Apr 2013 17:29:00 -0500

On Mon, 1 Apr 2013 19:40:03 +0100
Tony Finch <dot () dotat at> wrote:

You should be able to get a reasonable sample of IPv6 resolvers from
the query logs of a popular authoritative server.

When I tried this in the past for IPv4, I missed the majority of
potential open resolvers / open forwarders on the net compared to just
searching the entire address space.  And I was examining this from
the perspective of what a very large TLD was seeing.

I think it is likely that there are going to be a significant number of
IPv6-based resolvers that aren't as easily knowable. This of course
is potentially good too, since if they are really that hard to find,
then it makes them less likely to be as easily abused.

So, in addition to BCP 38 (and don't forget to mention BCP 84 in the
same breath), RRL for auth servers and hardening/closing resolvers... we
should be advocating the migration to DNS over IPv6-only?  :-)

John

