DNS Amplification Attacks

Florian Weimer fw at deneb.enyo.de
Wed Mar 22 19:33:55 UTC 2006

* Peter Dambier:

> In germany censoring is commonplace. You have to use foraign resolvers
> to escape it. There is a lot collateral dammage too - governement has
> provided the tools.

This is not true.  There has been some questionable advice by a
regulatory body, though.  Most damage is done by ISPs which simply do
not adjust the filters to the moving target and run them as-is since
2001 or so.  Null routes tend to filter a different customer after
such a long time.

> How about alternative roots? ICANN does censor "XN--55QX5D.", "XN--FIQS8S."
> and "XN--IO0A7I." already. You must use alternative roots to exchange emails
> with people living in those domains.

Unfortunately, they also censor "ENYO.".

More information about the NANOG mailing list