nanog mailing list archives
Re: Interesting new dns failures
From: "Fergie" <fergdawg () netzero net>
Date: Tue, 22 May 2007 21:40:43 GMT
-- David Ulevitch <davidu () everydns net> wrote:

> But very few people (okay, not nobody) are saying, "Hey, why should I
> allow that compromised Windows box that has never sent me an MX request
> before all of the sudden be able to request 10,000 MX records across my
> resolvers?" "Why am I resolving a domain name that was just added into
> the DNS an hour ago but has already changed NS servers 50 times?"
>
> These questions, and more (but I'm biased to DNS), can be solved at the
> edge for those who want them. It's decentralized there. It's done the
> right way there. It's also doable in a safe and fail-open kind of way.
David,

As you (and some others) may be aware, that's an approach that we (Trend Micro) took a while back, but we got a lot (that's an understatement) of push-back from service providers, specifically, because they're not very inclined to change out their infrastructure (in this case, their recursive DNS) for something that could identify these types of behaviors.

And actually, in the case you mentioned above -- to identify this exact specific behavior.

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
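
Added example, not part of the original message or of any product mentioned in it: a sketch of the first check quoted above, flagging a client with no MX history that suddenly asks for many distinct MX names, and failing open on any error. The log format, the 60-second window, the threshold of 100 names and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def parse(line):
    """Constructed log format: '<epoch> <client-ip> <qtype> <qname>'."""
    ts, client, qtype, qname = line.split()
    return int(ts), client, qtype.upper(), qname.lower().rstrip(".")

class MxBurstDetector:
    # window and threshold are assumed tuning values, not from the thread
    def __init__(self, baseline_lines, window=60, threshold=100):
        self.window, self.threshold = window, threshold
        # Clients that sent MX queries during the baseline (e.g. mail servers)
        self.mx_clients = {c for _, c, t, _ in map(parse, baseline_lines) if t == "MX"}
        self.recent = defaultdict(deque)  # client -> (ts, qname) inside the window

    def check(self, line):
        """Return 'flag' or 'allow' for one query; any error fails open."""
        try:
            ts, client, qtype, qname = parse(line)
            if qtype != "MX" or client in self.mx_clients:
                return "allow"
            q = self.recent[client]
            q.append((ts, qname))
            while q[0][0] <= ts - self.window:   # expire entries older than the window
                q.popleft()
            distinct = len({name for _, name in q})
            return "flag" if distinct >= self.threshold else "allow"
        except Exception:
            return "allow"  # fail open: a detector fault must never block resolution

# Constructed sample data (documentation addresses, reserved .example names)
BASELINE = ["1000 192.0.2.25 MX example.org", "1001 192.0.2.77 A www.example.org"]

def run_sample():
    det = MxBurstDetector(BASELINE)
    live = [f"{5000 + i // 10} 192.0.2.77 MX d{i}.example" for i in range(150)]
    live += [f"{5000 + i // 10} 192.0.2.25 MX d{i}.example" for i in range(150)]
    verdicts = [(line.split()[1], det.check(line)) for line in live]
    flagged = {client for client, v in verdicts if v == "flag"}
    n_flags = sum(v == "flag" for _, v in verdicts)
    return flagged, n_flags, det.check("not a log line")

if __name__ == "__main__":
    print(run_sample())
```

The known mail server (192.0.2.25) sends the same burst and is never flagged because it has an MX baseline; the malformed line is allowed rather than dropped.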