Open Resolver Problems

Harry Hoffman hhoffman at ip-solutions.net
Tue Mar 26 16:59:25 UTC 2013


https://developers.google.com/speed/public-dns/docs/security

Cheers,
Harry

On 03/26/2013 11:07 AM, Valdis.Kletnieks at vt.edu wrote:
> On Tue, 26 Mar 2013 07:43:15 -0700, Tom Paseka said:
>> On Tue, Mar 26, 2013 at 7:38 AM, Jay Ashworth <jra at baylink.com> wrote:
> 
>>> Sure.  But OpenDNS, Google, and the other providers of recursive servers
>>> for edge cases can't do that anymore?
> 
>> Of cos they can. But they take the security of their open recursive servers
>> very seriously.  99.99999% of the open recursors dont, hence the problem.
> 
> And what, *exactly* do they do different from the other 5-9's?
> 
> So far, I've seen lots of people say "close that shit down", but only  2
> actual URLs posted that basically both say "only do recursion for IP addresses
> within your ASN". That's at least a *bit* more helpful than just telling us
> to close it down.  Unfortunately, we already know now to do that - but that
> isn't the problem that some of us are looking to solve, which is "queries from
> your own users mobile devices that are currently *outside* your ASN".
> 
> (And *please* make note that although the fine networking staff of AS1312
> can probably figure this out on our own once we're supplied with a big
> enough pile of square tuits and a belt sander, there's a *lot* of AS's out
> there that are going to need a tad more hand-holding...)
> 




More information about the NANOG mailing list