Open Resolver Problems

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Mar 26 15:07:10 UTC 2013


On Tue, 26 Mar 2013 07:43:15 -0700, Tom Paseka said:
> On Tue, Mar 26, 2013 at 7:38 AM, Jay Ashworth <jra at baylink.com> wrote:

> > Sure.  But OpenDNS, Google, and the other providers of recursive servers
> > for edge cases can't do that anymore?

> Of cos they can. But they take the security of their open recursive servers
> very seriously.  99.99999% of the open recursors dont, hence the problem.

And what, *exactly* do they do different from the other 5-9's?

So far, I've seen lots of people say "close that shit down", but only  2
actual URLs posted that basically both say "only do recursion for IP addresses
within your ASN". That's at least a *bit* more helpful than just telling us
to close it down.  Unfortunately, we already know now to do that - but that
isn't the problem that some of us are looking to solve, which is "queries from
your own users mobile devices that are currently *outside* your ASN".

(And *please* make note that although the fine networking staff of AS1312
can probably figure this out on our own once we're supplied with a big
enough pile of square tuits and a belt sander, there's a *lot* of AS's out
there that are going to need a tad more hand-holding...)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130326/c7706791/attachment.sig>


More information about the NANOG mailing list