Open Resolver Problems

John Kristoff jtk at cymru.com
Tue Apr 2 22:29:00 UTC 2013


On Mon, 1 Apr 2013 19:40:03 +0100
Tony Finch <dot at dotat.at> wrote:

> You should be able to get a reasonable sample of IPv6 resolvers from
> the query logs of a popular authoritative server.

When I tried this in the past for IPv4, I missed the majority of
potential open resolvers / open forwarders on the net compared to just
searching the entire address space.  And I was examining this from
the perspective of what a very large TLD was seeing.

I think it is likely that there are going to be a significant number of
IPv6-based resolvers that aren't as easily knowable. This of course
is potentially good too, since if they are really that hard to find,
then it makes them less likely to be as easily abused.

So, in addition to BCP 38 (and don't forget to mention BCP 84 in the
same breath), RRL for auth servers and hardening/closing resolvers... we
should be advocating the migration to DNS over IPv6-only?  :-)

John



