nanog mailing list archives
Re: Open Resolver Problems
From: John Kristoff <jtk () cymru com>
Date: Tue, 2 Apr 2013 17:29:00 -0500
On Mon, 1 Apr 2013 19:40:03 +0100 Tony Finch <dot () dotat at> wrote:
You should be able to get a reasonable sample of IPv6 resolvers from the query logs of a popular authoritative server.
When I tried this in the past for IPv4, I missed the majority of potential open resolvers / open forwarders on the net compared to just searching the entire address space. And I was examining this from the perspective of what a very large TLD was seeing. I think it is likely that there are going to be a significant number of IPv6-based resolvers that are aren't as easily knowable. This of course is potentially good too, since if they are really that hard to find, then it makes them less likely to be as easily abused. So, in addition to BCP 38 (and don't forget to mention BCP 84 in the same breath), RRL for auth servers and hardening/closing resolvers... we should be advocating the migration to DNS over IPv6-only? :-) John
Current thread:
- Re: Open Resolver Problems Jared Mauch (Apr 01)
- Re: Open Resolver Problems Tony Finch (Apr 01)
- Re: Open Resolver Problems Valdis . Kletnieks (Apr 01)
- Re: Open Resolver Problems joel jaeggli (Apr 01)
- Re: Open Resolver Problems John Kristoff (Apr 02)
- Re: Open Resolver Problems Valdis . Kletnieks (Apr 01)
- <Possible follow-ups>
- Re: Open Resolver Problems Chris Boyd (Apr 01)
- Re: Open Resolver Problems Paul Ferguson (Apr 01)
- Re: Open Resolver Problems Mikael Abrahamsson (Apr 01)
- FW: Open Resolver Problems Milt Aitken (Apr 01)
- Re: Open Resolver Problems Patrick W. Gilmore (Apr 01)
- Re: Open Resolver Problems Dobbins, Roland (Apr 01)
- Re: Open Resolver Problems Patrick W. Gilmore (Apr 01)
- Re: Open Resolver Problems Dobbins, Roland (Apr 01)
- Re: Open Resolver Problems Niels Bakker (Apr 01)
- RE: Open Resolver Problems Keith Medcalf (Apr 01)
- Re: Open Resolver Problems Patrick W. Gilmore (Apr 01)
- Re: Open Resolver Problems Tony Finch (Apr 01)