North American Network Operators Group


Re: DNS Amplification Attacks

  • From: Peter Dambier
  • Date: Mon Mar 20 17:30:33 2006

Joseph S D Yao wrote:
On Mon, Mar 20, 2006 at 11:30:46PM +0200, Gadi Evron wrote:

Where did that come from? I respect you but please, let's have a technical discussion. This is important enough for us all to avoid the flame-wars for now. Don't move this thread to politics or lunacies.

Then leave governments out of it, and re-phrase the question in this
way.  If one can not run one's own DNS server on the public Internet,
but must rely on a DNS service supplier for your DNS, and at some point
you start to wonder about the technical competence or correct
configuration of the DNS service supplier whose DNS you are configured
to use, and all other DNS servers out there are configured to refuse
recursive service except perhaps to their own population, then against what can
you compare the DNS service that you are getting, to see whether it is
giving you what "the world" should be seeing?

That is exactly what worries me.

In Germany censoring is commonplace. You have to use foreign resolvers
to escape it. There is a lot of collateral damage too - government has
provided the tools. Corrupt people use it to play tricks on their

How about alternative roots? ICANN does censor "XN--55QX5D.", "XN--FIQS8S."
and "XN--IO0A7I." already. You must use alternative roots to exchange emails
with people living in those domains.

Banning open resolvers means censoring for a lot of people, at least
if they cannot run their own servers.

Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP:
mail: [email protected]