Best practice on TCP replies for ANY queries

Paul Ferguson fergdawgster at mykolab.com
Thu Dec 12 20:26:35 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Also:

http://openresolverproject.org/


Also, open resolvers are harmful to the Internet, so it would not surprise
me to see organizations to begin blocking any communication with them by
published lists open recursive resolvers.

- - ferg.

On 12/12/2013 8:23 AM, SiNA Rabbani wrote:


 > http://www.team-cymru.org/Services/Resolvers/
 >
 > The Internet will be a better place with less open resolvers around.
 >
 > --SiNA
 > On Dec 12, 2013 5:32 AM, "Tony Finch" <dot at dotat.at> wrote:
 >
 >> Anurag Bhatia <me at anuragbhatia.com> wrote:
 >>>
 >>> Now I see presence of some (legitimate) DNS forwarders and hence I
 >>> don't wish to limit queries.
 >>
 >> You are going to have to change your mind about this one. Open recursive
 >> resolvers are a really bad idea, unless you can afford a lot of time and
 >> cleverness to manage the abuse. Get your users to choose a more
 >> appropriate name server, and restrict your name server to your local
 >> networks.
 >>
 >> Tony.
 >> --
 >> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
 >> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at
 >> first.
 >> Rough, becoming slight or moderate. Showers, rain at first. Moderate or
 >> good,
 >> occasionally poor at first.
 >>
 >>
 >
 >

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 2317)
Charset: utf-8

wj8DBQFSqhvyq1pz9mNUZTMRAiXgAKCDaQ1KmlVCjXKffz0bVmHRGpbwxgCfXEk7
tHQx8SXtY/xNFLm2L3Uu8x8=
=tTIW
-----END PGP SIGNATURE-----


-- 
Paul Ferguson
PGP Public Key ID: 0x63546533




More information about the NANOG mailing list