This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] Name servers problems
- Previous message (by thread): [dns-wg] DNSSEC: Signed zones list
- Next message (by thread): [dns-wg] Name servers problems
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jaap Akkerhuis
jaap at NLnetLabs.nl
Mon Feb 27 11:11:32 CET 2006
For those not on NANOG, on that list is quite some discussion going on about using (recursive) name servers for amplicication attacks. The discussion starts at http://www.merit.edu/mail.archives/nanog/threads.html#16000.o There is a special mailing list devoted on this problem by the isc: http://lists.oarci.net/mailman/listinfo/dns-operations, and this list is open to anyone. There is an US cert warning about this: http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf. The upshot is: Close your open recursive nameservers. Other info: http://dns.measurement-factory.com/surveys/sum1.html and a plug for a secure template by the cymru guys: http://www.cymru.com/Documents/secure-bind-template.html Maybe all this is worth a slot at the coming dns-wg (or eof) meeting? jaap Acknowledgement: Information compiled from messages from Harvey Allen, Lucy Lynch, Rob Thomas and others.
- Previous message (by thread): [dns-wg] DNSSEC: Signed zones list
- Next message (by thread): [dns-wg] Name servers problems
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]