Thank you, Comcast.
rdobbins at arbor.net
Fri Feb 26 16:30:31 UTC 2016
On 26 Feb 2016, at 23:15, Mike Hammett wrote:
> I think you'd be hard pressed to find more than a tenth of a percent
> of people attempt to run their own DNS server.
You'll find a heck of a lot more of them doing so unknowingly, because
they're running misconfigured, abusable CPE devices which can be
leveraged by attackers to launch DNS reflection/amplification attacks.
Note that outbound/crossbound DDoS attacks can have just as much of a
negative impact on availability as inbound DDoS attacks; even more, when
multiple attackers are abusing the same reflectors/amplifiers (which is
often the case).
And even that small tenth of a percent who're deliberately running their
own DNS servers can end up inadvertently causing disruption if they're
running those DNS servers as open recursors.
Roland Dobbins <rdobbins at arbor.net>
More information about the NANOG