30 Jul
2011
30 Jul
'11
9:09 p.m.
More good stuff here: http://www.team-cymru.org/Services/Resolvers/ Frank -----Original Message----- From: Dobbins, Roland [mailto:rdobbins@arbor.net] Sent: Friday, July 29, 2011 5:40 PM To: NANOG list Subject: Re: DNS DoS ??? On Jul 30, 2011, at 1:51 AM, Elliot Finley wrote:
my DNS servers were getting slow so I blocked recursive queries for all but my own network.
This should be the standard practice. By operating an open recursor, you lend your DNS server to abuse as a contributor to DNS reflection/amplification attacks. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> The basis of optimism is sheer terror. -- Oscar Wilde