North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DNS deluge for

  • From: Joe Provo
  • Date: Sat Feb 25 11:25:49 2006

On Sat, Feb 25, 2006 at 08:41:01AM +0000, [email protected] wrote:
> robt wrote:
> > Limit recursion to trusted netblocks and customers.  Do not permit
> > your name servers to provide recursion for the world.  If you do,
> > you will contribute to one of these attacks.
> 	<recursion is a fundamental DNS design feature,
> 	 restricting it to "walled gardens" cripples its usefullness>

The bad guys abused open SMTP relaying and we couldn't use it anymore.*
They've moved to the next thing that is widely open and will be abusable 
for a long time while some folks clamp down quickly, others argue against
it, etc.  Until we can factor out the bad guys, the diminishing returns 
on playing whack-a-mole will force us all to install more functional
equivalent of signs saying "restrooms are for customers only". And no
I don't like it either.



* well, except those who wish to be marginalized.

             RSUC / GweepNet / Spunk / FnB / Usenix / SAGE