|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DNS cache poisoning attacks -- are they real?
On Sun, Mar 27, 2005 at 11:36:26AM -0500, Joe Maimon wrote: > > > > Suresh Ramasubramanian wrote: > >On Sat, 26 Mar 2005 17:52:56 -0500 (EST), Sean Donelan <[email protected]> > >wrote: > > > <snip> > > > >Thank $DEITY for large ISPs running open resolvers on fat pipes .. > >those do come in quite handy in a resolv.conf sometimes, when I run > >into this sort of behavior. > > > >--srs > > > > > > Slightly OT to parent thread...on the subject of open dns resolvers. > > Common best practices seem to suggest that doing so is a bad thing. DNS > documentation and http://www.dnsreport.com appear to view this negatively. er... common best practice for YOU... perhaps. dnsreport.com is apparently someone who agrees w/ you. and i know why some COMMERCIAL operators want to squeeze every last lira from the services they offer... but IMRs w/ unrestricted access are a good a valuable tool for the Internet community at large. IMR? - you know, an Interative Mode Resolver aka caching server. > Joe --bill
|