nanog mailing list archives

Re: Open Resolver Problems


From: Mark Andrews <marka () isc org>
Date: Wed, 27 Mar 2013 13:27:55 +1100


In message <CAL89Sg+XDKc=_6UWosAZ=wyPJb9tm2GaN0-vDk8Kyiji+vEUUQ () mail gmail com>, Tom Paseka writes:
On Tue, Mar 26, 2013 at 7:04 PM, Matthew Petach <mpetach () netflight com> wrote:

On Tue, Mar 26, 2013 at 6:06 PM, John Levine <johnl () iecc com> wrote:
As a white-hat attempting to find problems to address through legitimate
means, how do you …

You make friends with people with busy authoritative servers and see
who's querying them.

I'm confused.  Don't most authoritative servers have to
answer to just about anyone in order to be useful?

Matt


Authoritative DNS servers need to implement rate limiting. (a client
shouldn't query you twice for the same thing within its TTL).

You are assuming that there is a recursive server making the queries
and that there are not multiple recursive servers behind a NAT.
Neither of these assumptions is true in practice, and with the
deployment of CGNs they will become less true.

I have two recursive servers at home behind a NAT today.  Both do
DNSSEC.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org
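An added illustration of the exchange above (not code from the thread, from ISC or from any of the posters): a small Python script that applies Tom's rule, no identical question from one source address within the TTL it was handed, to constructed BIND-style query log lines, and then adds the knob Mark's objection calls for, a tolerance for several recursive servers sharing one NAT address. The log lines, the addresses, the zone example.com and the 300-second TTL are all made up for the example.

```python
"""Repeat-query detector for an authoritative DNS server's query log.

Added illustration for the thread above; not code from the thread or from ISC.
It checks Tom Paseka's rule (one source should not ask the same question twice
within the TTL it was handed) and adds the tolerance Mark Andrews' objection
calls for (several recursive servers may sit behind one NAT address).
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed BIND-style query log lines for the hypothetical zone example.com.
# Source addresses, ports, times and the zone are all made up for this example.
SAMPLE_LOG = """\
27-Mar-2013 13:00:00.000 client 192.0.2.10#53211 (example.com): query: example.com IN A -E (203.0.113.1)
27-Mar-2013 13:00:00.500 client 192.0.2.10#41022 (example.com): query: example.com IN A -E (203.0.113.1)
27-Mar-2013 13:01:30.000 client 198.51.100.7#5353 (www.example.com): query: www.example.com IN AAAA -ED (203.0.113.1)
27-Mar-2013 13:03:00.000 general: info: zone example.com/IN: sending notifies (serial 2013032701)
27-Mar-2013 13:04:00.000 client 198.51.100.7#5353 (www.example.com): query: www.example.com IN AAAA -ED (203.0.113.1)
27-Mar-2013 13:04:01.000 client 198.51.100.7#5353 (www.example.com): query: www.example.com IN AAAA -ED (203.0.113.1)
27-Mar-2013 13:06:00.000 client 192.0.2.10#53211 (example.com): query: example.com IN A -E (203.0.113.1)
27-Mar-2013 13:06:10.000 client 203.0.113.9#2222 (example.com): query: example.com IN MX -E (203.0.113.1)
"""

# Assumed TTL on the answers this server hands out (hypothetical value).
ANSWER_TTL = 300

QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<ip>[^#\s]+)#(?P<port>\d+) \(\S+\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_query_log(text):
    """Return query events as (timestamp, source_ip, qname, qtype), oldest
    first, ignoring lines that are not query-log entries."""
    events = []
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S.%f")
        events.append((ts, m.group("ip"), m.group("qname").lower(),
                       m.group("qtype").upper()))
    events.sort(key=lambda e: e[0])
    return events


def find_repeat_queries(events, ttl_seconds, resolvers_per_source=1):
    """Flag a query when the same source IP has already asked the same
    (qname, qtype) at least `resolvers_per_source` times within the last
    `ttl_seconds`. With the default of 1 this is Tom's rule as stated; raising
    it tolerates that many caching resolvers sharing one NAT address, each
    legitimately asking once per TTL."""
    recent = defaultdict(deque)   # (ip, qname, qtype) -> timestamps in window
    flagged = []
    for ts, ip, qname, qtype in events:
        window = recent[(ip, qname, qtype)]
        # Drop earlier queries whose TTL would have expired by now.
        while window and (ts - window[0]).total_seconds() >= ttl_seconds:
            window.popleft()
        if len(window) >= resolvers_per_source:
            flagged.append({"time": ts, "source": ip, "qname": qname,
                            "qtype": qtype, "prior_in_window": len(window)})
        window.append(ts)
    return flagged


def repeats_by_source(flagged):
    """Count flagged queries per source IP: a quick who-is-hammering-us view."""
    counts = defaultdict(int)
    for entry in flagged:
        counts[entry["source"]] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_query_log(SAMPLE_LOG)
    for tolerated in (1, 2):
        hits = find_repeat_queries(parsed, ANSWER_TTL, tolerated)
        print(f"tolerating {tolerated} resolver(s) per address:",
              repeats_by_source(hits))
```

With the strict rule, the two queries half a second apart from 192.0.2.10 are flagged even though they are exactly what two home resolvers behind one NAT produce; with a tolerance of two, only the source that asks three times inside one TTL is left. The tolerance is a guess about how many resolvers hide behind an address, which is the weakness Mark points at: a CGN can put hundreds behind one, and a per-address, per-TTL rule cannot tell that population apart from an abuser without other evidence.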

