North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Sitefinder II, the sequel...
- From: Chris Woodfield
- Date: Thu Jul 13 09:36:52 2006
Going off on something of a tangent, I'd be really curious what sort
of efforts OpenDNS are making/will need to make in order to limit
their servers' utility as a relay for amplification attacks (which
I'm listening to a discussion on at IETF as I type).
On Jul 13, 2006, at 8:08 AM, Patrick W. Gilmore wrote:
On Jul 13, 2006, at 3:39 AM, Simon Waters wrote:
Most of those I know try to deploy recursive services as close as
the client, avoiding where possible alternative views of the DNS, and
Would that everyone did what the people you know do.
Unfortunately, there are a few providers doing things like
outsourcing their recursive service to, say, their upstream, or
having one "node" of recursive servers anywhere in the world for
all their end users. These providers violate the first part of
The second part doesn't make any sense to me. It seems that having
multiple, geographically disparate recursive name servers would be
more likely to present an "alternative [view] of the DNS". (In
fact, I can prove that's true in at least some cases. :) So you
are actually arguing -against- your first point.
That said, no one has yet said why it is necessary, or even
desirable, to have a completely homogenous view of the world.
Perhaps time to ask Brad, Paul and Cricket what they think, and
to their comments.
Perhaps. However, in the last DNS related thread, Paul made a
pretty strong claim (violating a protocol) and showed exactly
_ZERO_ facts to back it up, despite being asked at least five times
(by my count).
With automated responses to "bad things", it is usually best to
scope of the change. Similarly typo correction makes sense for
URLs, but not
for most other uses of the DNS (hence the proviso you make to
switch it off
if you use RBL, although I'd say switch it off for all email
servers less you
start correcting spambot crud, our email servers make a DNS check
senders domain, that doesn't want correcting either), so the
probably browser plug-in (although most browsers already try to
you meant to some extent).
Perhaps something as simple as a preference only 'correcting'
queries that begin with "www"?