Open Resolver Problems

John Kristoff jtk at cymru.com
Tue Apr 2 23:16:23 UTC 2013


On Tue, 2 Apr 2013 18:41:17 -0400
Joe Abley <jabley at hopcount.ca> wrote:

> 26/1000 is more than zero but still quite small. Subsequent samples
> with bigger sizes give 332/100000, 3017/1000000.
> 
> No science here, but 2% - 3% is what it looks like, which is big
> enough to be a noticeable support cost for a medium-scale provider if
> the customer damage is not robo-mediated in some way (e.g. whitelist
> known offenders to avoid the support phone glowing red when you first
> turn it on).

Thanks Joe.  That is interesting.

I can only imagine that on the customer side there are queries coming
from something other than typical OS stub resolvers on unix and
Windows based hosts.  I suppose some sort of NAT/PAT box could account
for some of it, maybe more likely could be some common CPE forwarder
that uses that port by default.  If the latter, that might be
considered a serious enough risk that the vendor should address it if
they haven't already.

If no one else does, another side project I'll add to my list of things
to do on a rainy day.

John




More information about the NANOG mailing list