Best practice on TCP replies for ANY queries

Paul Ferguson fergdawgster at
Thu Dec 12 20:26:35 UTC 2013

Also, open resolvers are harmful to the Internet, so it would not surprise
me to see organizations begin blocking any communication with them by
published lists of open recursive resolvers.

- ferg.

On 12/12/2013 8:23 AM, SiNA Rabbani wrote:

 > The Internet will be a better place with fewer open resolvers around.
 > --SiNA
 > On Dec 12, 2013 5:32 AM, "Tony Finch" <dot at> wrote:
 >> Anurag Bhatia <me at> wrote:
 >>> Now I see presence of some (legitimate) DNS forwarders and hence I
 >>> don't wish to limit queries.
 >> You are going to have to change your mind about this one. Open recursive
 >> resolvers are a really bad idea, unless you can afford a lot of time and
 >> cleverness to manage the abuse. Get your users to choose a more
 >> appropriate name server, and restrict your name server to your local
 >> networks.
 >> Tony.
 >> --
 >> f.anthony.n.finch  <dot at>
 >> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
 >> Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
 >> occasionally poor at first.


Paul Ferguson
PGP Public Key ID: 0x63546533