DNS Amplification Attacks
Peter Dambier
peter at peter-dambier.de
Mon Mar 20 22:29:26 UTC 2006
Joseph S D Yao wrote:
> On Mon, Mar 20, 2006 at 11:30:46PM +0200, Gadi Evron wrote:
> ...
>
>>Where did that come from? I respect you but please, let's have a
>>technical discussion. This is important enough for us all to avoid the
>>flame-wars for now. Don't move this thread to politics or lunacies.
>
> ...
>
>
> Then leave governments out of it, and re-phrase the question in this
> way. If one can not run one's own DNS server on the public Internet,
> but must rely on a DNS service supplier for your DNS, and at some point
> you start to wonder about the technical competence or correct configura-
> tion of the DNS service supplier whose DNS you are configured to use,
> and all other DNS servers out there are configured to refuse recursive
> service except perhaps to their own population, than against what can
> you compare the DNS service that you are getting, to see whether it is
> giving you what "the world" should be seeing?
>
>
That is exactly what worries me.
In germany censoring is commonplace. You have to use foraign resolvers
to escape it. There is a lot collateral dammage too - governement has
provided the tools. Corrupt people use it to play tricks on their
"friends".
How about alternative roots? ICANN does censor "XN--55QX5D.", "XN--FIQS8S."
and "XN--IO0A7I." already. You must use alternative roots to exchange emails
with people living in those domains.
Banning open resolvers means censoring for a lot of people, at least
if they cannot run their own servers.
Regards
Peter and Karin Dambier
--
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
More information about the NANOG
mailing list