Re: [DNSOP] Re: Last Call: draft-ietf-dnsop-reflectors-are-evil (Preventing Use of Recursive Nameservers in Reflector Attacks) to BCP

Joao Damas Fri, 28 Sep 2007 04:35:06 -0700

It does indeed as Stephane pointed out.

Opening up your resolver so you can server roaming users, withoutfurther protection, is, at best, naive.


Joao

On 28 Sep 2007, at 12:15, Jaap Akkerhuis wrote:

There are two major reasons for an organization to not wantroaming

    users to trust locally-assigned DNS servers.

Open recursive servers doesn't help in against man in the middle
attacks. If you want to avoid that use VPN's or (for DNS) TSIG.

I seem to remember that the ID actually mentions that.

        jaap

_______________________________________________
DNSOP mailing list
[EMAIL PROTECTED]
https://www1.ietf.org/mailman/listinfo/dnsop



_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Re: [DNSOP] Re: Last Call: draft-ietf-dnsop-reflectors-are-evil (Preventing Use of Recursive Nameservers in Reflector Attacks) to BCP

Reply via email to