RIPE Community Mail Archives

[dns-wg] Name servers problems

  • From: Jaap Akkerhuis jaap@localhost
  • Date: Mon, 27 Feb 2006 11:11:32 +0100

For those not on NANOG, on that list is quite some discussion going
on about using (recursive) name servers for amplification attacks.
The discussion starts at
http://www.merit.edu/mail.archives/nanog/threads.html#16000.o

There is a special mailing list devoted to this problem by the ISC:
http://lists.oarci.net/mailman/listinfo/dns-operations, and this
list is open to anyone.

There is a US-CERT warning about this:
http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf.

The upshot is: Close your open recursive nameservers.

Other info: http://dns.measurement-factory.com/surveys/sum1.html
and a plug for a secure template by the Cymru guys:
http://www.cymru.com/Documents/secure-bind-template.html

Maybe all this is worth a slot at the coming dns-wg (or eof) meeting?

	jaap

Acknowledgement: Information compiled from messages from Harvey
Allen, Lucy Lynch, Rob Thomas and others.
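
An added example, not part of the original message: one way for an operator to check that a name server they run has been closed to outside recursion is to send it a query with the RD bit set from an address outside its permitted clients and inspect the RA flag and RCODE in the reply. The function names, the query ID and the sample replies are assumptions constructed for this illustration.

```python
import socket
import struct

TXID = 0x1234          # arbitrary query ID used by this example
REFUSED = 5            # DNS RCODE 5

def build_query(name, txid=TXID):
    """A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def classify_response(data, txid=TXID):
    """Return 'open', 'closed' or 'invalid' for a reply to build_query()."""
    if len(data) < 12:
        return "invalid"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:       # wrong ID, or QR bit clear
        return "invalid"
    recursion_available = bool(flags & 0x0080)  # RA bit
    rcode = flags & 0x000F
    if recursion_available and rcode != REFUSED:
        return "open"                           # server offered recursion
    return "closed"

def probe(server, name, timeout=3.0):
    """Query a server you operate, from an address outside its allowed clients."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no-answer"
    return classify_response(data)

# Constructed sample replies (not captured traffic) for example.com.
QUESTION = build_query("example.com")[12:]
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
SAMPLE_OPEN = struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
SAMPLE_REFUSED = struct.pack("!HHHHHH", TXID, 0x8105, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    print(classify_response(SAMPLE_OPEN))
    print(classify_response(SAMPLE_REFUSED))
```

The query name passed to probe() should be one the server is not authoritative for, so that an answer can only come from recursion or cache.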




 
