DNS Amplification Attacks

Mon Mar 20 22:29:26 UTC 2006

Joseph S D Yao wrote:
> On Mon, Mar 20, 2006 at 11:30:46PM +0200, Gadi Evron wrote:
> ...
> 
>>Where did that come from? I respect you but please, let's have a 
>>technical discussion. This is important enough for us all to avoid the 
>>flame-wars for now. Don't move this thread to politics or lunacies.
> 
> ...
> 
> 
> Then leave governments out of it, and re-phrase the question in this
> way.  If one can not run one's own DNS server on the public Internet,
> but must rely on a DNS service supplier for your DNS, and at some point
> you start to wonder about the technical competence or correct configura-
> tion of the DNS service supplier whose DNS you are configured to use,
> and all other DNS servers out there are configured to refuse recursive
> service except perhaps to their own population, than against what can
> you compare the DNS service that you are getting, to see whether it is
> giving you what "the world" should be seeing?
> 
> 

That is exactly what worries me.

In germany censoring is commonplace. You have to use foraign resolvers
to escape it. There is a lot collateral dammage too - governement has
provided the tools. Corrupt people use it to play tricks on their
"friends".

How about alternative roots? ICANN does censor "XN--55QX5D.", "XN--FIQS8S."
and "XN--IO0A7I." already. You must use alternative roots to exchange emails
with people living in those domains.

Banning open resolvers means censoring for a lot of people, at least
if they cannot run their own servers.

Regards
Peter and Karin Dambier

-- 
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/