DNS deluge for x.p.ctrc.cc

Jon Lewis jlewis at lewis.org
Sun Feb 26 16:53:06 UTC 2006

On Sat, 25 Feb 2006, Rob Thomas wrote:

> As many say, you own your network, and are free to run it as you see
> fit.  :)  That said, please be aware that if you leave your name
> servers open to recursive query requests from any source, you WILL
> unwittingly help to amplify these attacks.  It's the same as ICMP
> directed broadcast and the like.

This has been an issue for years.  Before the DDoSers started using open 
recursive DNS servers as a modern way to "smurf", spammers were abusing 
them by registering a domain, setting up DNS, loading the data into open 
recursive servers (by sending them queries), and then pointing the domains 
at those recursive servers...getting free DNS service and misdirecting 

The argument that DNS servers have always been open to recursion (so we 
shouldn't change it) sounds a lot like the open SMTP relay issue 5-10 
years ago.  It took years, but all but a few wingnuts seem to have finally 
caught on to the idea that open SMTP relays are a bad idea...enough so 
that spammers had to move on and adapt to open proxies, and then to botted 
systems / trojan proxies.

Besides, don't the DNS specs dictate that a proper DNS resolver will try 
again with TCP if the server tells it the UDP reply was truncated?

  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

More information about the NANOG mailing list