On Thu, Sep 11, 2008 at 12:32:15AM +0530,
venkatesh.bs [EMAIL PROTECTED] wrote
a message of 225 lines which said:
what may be DNS behaviour if the DNS server address is 0.0.0.0
Why don't you test? :-)
% dig @0.0.0.0 SOA .
...
;; ANSWER SECTION:
. 86400 IN
On Wed, Sep 10, 2008 at 03:17:51PM -0400,
Ron Bonica [EMAIL PROTECTED] wrote
a message of 39 lines which said:
Based on the response that we have seen from the WG so far, I don't
see any reason to amend the draft. BCP 38 is already published.
It is certain that any message by unnamed troll
Dear Dean,
[Removing Jorge from the CC-list, this reply is supposed to be
technical in nature. Also removing the IESG since this appears to be a
WG issue, they can go back to the archives if and when relevant]
The answer to both the questions is yes. There is still no evidence
for no,
2008/9/10 Ron Bonica [EMAIL PROTECTED]:
First layer of defense: BCP 38
Second layer of defense (because there are those who cannot or will not
implement the first layer): Restrict recursive service by default
If you mean 'restrict software configuration defaults', I'm OK with
that.
If
I know this sounds pedantic, but I noticed in the list of actions in
the name server management list add, modify and delete trust anchors
and other configuration details. Do we need to add view to that
list of actions? This would apply to Section 3.2.2 - 3.2.5
I can envision a role that
Please tell about the experiences you personally had with open recursor
attacks at Afilias.
Afilias doesn't seem to run open recursors--is that correct? Was
Afilias a target of an attack? If so, what did Afilias do to mitigate
the attack? Why couldn't the attack be mitigated using ordinary
Folks,
This is a reminder that only two questions are on the table. These are:
- is BCP38 enough to mitigate the attack vectors described in
draft-ietf-dnsop-reflectors-are-evil-06
- is filtering after the attack has begun good enough
Discussions of how many times this attack has been observed
On Thu, Sep 11, 2008 at 03:34:36PM -0400, Dean Anderson wrote:
Please tell about the experiences you personally had with open recursor
attacks at Afilias.
I guess I wasn't clear enough in my message: I am not in a position to
tell you about that. I am constrained by the non-disclosure terms of
On Thu, 11 Sep 2008, [UTF-8] OndÅej Surý wrote:
No. And I don't understand why the burden of open resolvers should
be put on shoulders of attacked DNS operators.
DNS operators aren't generally being attacked, and aren't generally
complaining of the burden. Almost no one is complaining of
In message [EMAIL PROTECTED], Scott Rose writes:
I know this sounds pedantic, but I noticed in the list of actions in
the name server management list add, modify and delete trust anchors
and other configuration details. Do we need to add view to that
list of actions? This would apply
10 matches
Mail list logo