Geo. wrote:
>> We have done just this (block inbound udp/53) to certain subnets due to a
>> rash of CPEs that happily proxy DNS, including recursive queries,
>> from their WAN side.
>
> What devices? Is this a default or something customers are configuring?
Just about every Siemens/Efficient *DSL
Geo. wrote:
>> What is stopping you from running your own local DNS server?
>
> What is stopping you from running your own SMTP server? A port 25 block?
> Well if an ISP doesn't want to play whack-a-mole with unsecured dns servers
> popping up every day do you not think it likely that they will re
Florian Weimer wrote:
> * Piotr Kamisiski:
>
>
>>23:05:40.241026 IP 204.92.73.10.40760 > xx.xx.xx.xx.53: 38545+ [1au] ANY
>>ANY? e.mpisi.com. (40)
>
>
>
> 204.92.73.10 is one of the IP addresses for irc.efnet.ca. Someone is
> spoofing the source addresses, in the hope that DNS servers will
