https://developers.google.com/speed/public-dns/docs/security
Cheers, Harry On 03/26/2013 11:07 AM, valdis.kletni...@vt.edu wrote: > On Tue, 26 Mar 2013 07:43:15 -0700, Tom Paseka said: >> On Tue, Mar 26, 2013 at 7:38 AM, Jay Ashworth <j...@baylink.com> wrote: > >>> Sure. But OpenDNS, Google, and the other providers of recursive servers >>> for edge cases can't do that anymore? > >> Of cos they can. But they take the security of their open recursive servers >> very seriously. 99.99999% of the open recursors dont, hence the problem. > > And what, *exactly* do they do different from the other 5-9's? > > So far, I've seen lots of people say "close that shit down", but only 2 > actual URLs posted that basically both say "only do recursion for IP addresses > within your ASN". That's at least a *bit* more helpful than just telling us > to close it down. Unfortunately, we already know now to do that - but that > isn't the problem that some of us are looking to solve, which is "queries from > your own users mobile devices that are currently *outside* your ASN". > > (And *please* make note that although the fine networking staff of AS1312 > can probably figure this out on our own once we're supplied with a big > enough pile of square tuits and a belt sander, there's a *lot* of AS's out > there that are going to need a tad more hand-holding...) >
