DNS DoS ???

Dobbins, Roland rdobbins at arbor.net
Fri Jul 29 22:39:46 UTC 2011


On Jul 30, 2011, at 1:51 AM, Elliot Finley wrote:

> my DNS servers were getting slow so I blocked recursive queries for all but my own network.

This should be the standard practice.  By operating an open recursor, you lend your DNS server to abuse as a contributor to DNS reflection/amplification attacks.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde





More information about the NANOG mailing list