North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DNS deluge for x.p.ctrc.cc
On Sat, Feb 25, 2006 at 08:41:01AM +0000, [email protected] wrote: > robt wrote: [snip] > > Limit recursion to trusted netblocks and customers. Do not permit > > your name servers to provide recursion for the world. If you do, > > you will contribute to one of these attacks. > > <recursion is a fundamental DNS design feature, > restricting it to "walled gardens" cripples its usefullness> The bad guys abused open SMTP relaying and we couldn't use it anymore.* They've moved to the next thing that is widely open and will be abusable for a long time while some folks clamp down quickly, others argue against it, etc. Until we can factor out the bad guys, the diminishing returns on playing whack-a-mole will force us all to install more functional equivalent of signs saying "restrooms are for customers only". And no I don't like it either. Cheers, Joe * well, except those who wish to be marginalized. -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
|