DNS cache poisoning attacks -- are they real?
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Sun Mar 27 21:25:29 UTC 2005
On Sun, Mar 27, 2005 at 11:36:26AM -0500, Joe Maimon wrote:
>
>
>
> Suresh Ramasubramanian wrote:
> >On Sat, 26 Mar 2005 17:52:56 -0500 (EST), Sean Donelan <sean at donelan.com>
> >wrote:
> >
> <snip>
> >
> >Thank $DEITY for large ISPs running open resolvers on fat pipes ..
> >those do come in quite handy in a resolv.conf sometimes, when I run
> >into this sort of behavior.
> >
> >--srs
> >
> >
>
> Slightly OT to parent thread...on the subject of open dns resolvers.
>
> Common best practices seem to suggest that doing so is a bad thing. DNS
> documentation and http://www.dnsreport.com appear to view this negatively.
er... common best practice for YOU... perhaps.
dnsreport.com is apparently someone who agrees w/ you.
and i know why some COMMERCIAL operators want to squeeze
every last lira from the services they offer...
but IMRs w/ unrestricted access are a good a valuable tool
for the Internet community at large.
IMR? - you know, an Interative Mode Resolver aka caching server.
> Joe
--bill
More information about the NANOG
mailing list