I have read all your responses, and appreciate the help on this one. I have a few questions still.
Is returning non-publicly-routable addresses such as 192. and 127. etc. in the public side of DNS allowed? I read once it was generally frowned upon, but am not sure it is technically in violation of any RFC. I consider this issue with OpenDNS to be a vulnerability, and a DDoS vector; correct me if I am wrong. OpenDNS can generate, in my tests, around 70 queries per second to my NS. The qualifications are that my NS be the SOA, but not have any zone data loaded. OpenDNS asks for whatever you request, and then asks again, and again, and again. I can run curl host.com --timeout 9999 and that will hit my NS really hard. OpenDNS is a large operation, handling, I hear, millions of queries in a very short time. Many people use them as well. A mere few hundred bots, or just a few hundred script kids, with their resolver pointed to OpenDNS, and a public NS they do not like, is all it would take to take that public NS down. I know my machine cannot handle 50,000 queries per second, and I know most of the rest of the NSes out there cannot either. Even Comcast is overloaded. How much would it really take to put a burden on even a large ISP like Comcast? While I could block OpenDNS by their two IPs, so many people use them that I think this behavior would be as bad as theirs. I do not think I should have to add zones for domains I do not want to, and putting a * record in place just to patch them is nothing I want to do on a full-time basis. Anyone can register a domain, and anyone can put any NS into the DNS server field at their registrar. I have contacted OpenDNS; their first reply was to tell me the problem was resolved. I suspect, since I mentioned a specific domain, they simply refreshed the zone. They did not take the time to read my entire report to them. I have now replied twice, asking for clarification and providing another example. I have not received a reply in 2 days. As far as I can tell, the ticket is now closed. Do you agree with me that this is clearly bad behavior?
As long as I am not off my rocker in my thoughts, I will pursue this to get it fixed. If I am off base, let me know, and I will consider this normal behavior, even though I think it is strange. -- Scott
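A defender-side check for the behaviour Scott describes, added here as an example and not part of his message, nor code from OpenDNS or any name server: it parses query-log lines loosely modelled on BIND's query log (the sample lines are constructed inside the block), computes each client's peak queries per second over a sliding one-second window, and reports which name each client re-asked most often, so a resolver that keeps re-querying a name the server has no data for stands out. The 20 qps threshold, the addresses 192.0.2.10 and 198.51.100.5, and the name host.example are assumptions.

```python
"""Spot resolvers that hammer an authoritative name server with repeated
queries, using BIND-style query-log lines.  Added example; every log line
below is constructed for illustration, not captured from a real server."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Tolerant of the older "client IP#port: query:" shape and the newer one that
# carries a category prefix and "(name)" after the port.
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) .*?"
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def parse_line(line):
    """Return (timestamp, client_ip, qname, qtype) or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S.%f")
    return ts, m.group("ip"), m.group("name").lower(), m.group("qtype")


def analyse(lines, window_seconds=1.0):
    """Per client: (peak queries/sec in a sliding window, most repeated name, its count)."""
    per_client = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            per_client[rec[1]].append(rec)

    result = {}
    for ip, recs in per_client.items():
        recs.sort(key=lambda r: r[0])
        peak, start = 0, 0
        for end in range(len(recs)):
            # advance the window start until it spans at most window_seconds
            while (recs[end][0] - recs[start][0]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        name, count = Counter(r[2] for r in recs).most_common(1)[0]
        result[ip] = (peak / window_seconds, name, count)
    return result


def flagged_clients(lines, qps_threshold=20.0):
    """Sorted list of client IPs whose peak rate meets the (assumed) threshold."""
    return sorted(ip for ip, (qps, _, _) in analyse(lines).items()
                  if qps >= qps_threshold)


def make_sample_log():
    """Constructed log: one resolver re-asking host.example 70 times in one second
    (the rate quoted in the message) plus a few ordinary queries from another client."""
    base = datetime(2013, 2, 1, 12, 0, 0)
    fmt = lambda t: t.strftime("%d-%b-%Y %H:%M:%S.%f")[:-3]
    lines = []
    for i in range(70):
        t = base + timedelta(milliseconds=14 * i)      # 0 .. 966 ms
        lines.append(f"{fmt(t)} client 192.0.2.10#40000: query: host.example IN A -E (203.0.113.1)")
    for sec, name in ((0, "www.example"), (5, "mail.example"), (30, "www.example")):
        t = base + timedelta(seconds=sec)
        lines.append(f"{fmt(t)} client 198.51.100.5#51000: query: {name} IN A - (203.0.113.1)")
    lines.append("this line is not a query log entry")
    return lines


if __name__ == "__main__":
    log = make_sample_log()
    for ip, (qps, name, count) in analyse(log).items():
        print(f"{ip:16} peak {qps:5.1f} q/s  most repeated: {name} x{count}")
    print("flagged:", flagged_clients(log))
```

On a real server the same measurement is what a response-rate-limiting feature (BIND's `rate-limit` options block, for example) acts on automatically, which is the alternative to either blocking the resolver's addresses outright or loading placeholder zones.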
