nanog mailing list archives

Re: Tightened DNS security question re: DNS amplification attacks.

From: Florian Weimer <fweimer () bfk de>
Date: Thu, 29 Jan 2009 14:01:15 +0100

* Mark Andrews:

      The most common reason for recursive queries to a authoritative
      server is someone using dig, nslookup or similar and forgeting
      to disable recursion on the request.


dnscache in "forward only" mode also sets the RD bit, and apparently
does not restrict itself to the configured forwarders list.  (This is
based on a public report, not on first-hand knowledge.)

-- 
Florian Weimer                <fweimer () bfk de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

Current thread:

Re: cogent issues?, (continued)
- - - Re: cogent issues? Brandon Galbraith (Jan 28)
    - Re: cogent issues? Ray Sanders (Jan 28)
    - Re: cogent issues? Wil Schultz (Jan 28)
    - Re: cogent issues? John Martinez (Jan 28)
    - RE: cogent issues? Ryan Werber (Jan 28)
    - Re: cogent issues? John Martinez (Jan 28)
    - Re: cogent issues? John Martinez (Jan 28)
    - Re: Tightened DNS security question re: DNS amplification attacks. Phil Pennock (Jan 28)
    - Re: Tightened DNS security question re: DNS amplification attacks. Phil Pennock (Jan 28)
    - Re: Tightened DNS security question re: DNS amplification attacks. Mark Andrews (Jan 28)
    - Re: Tightened DNS security question re: DNS amplification attacks. Florian Weimer (Jan 29)
    - Re: Tightened DNS security question re: DNS amplification attacks. Phil Pennock (Jan 29)
    - Re: Tightened DNS security question re: DNS amplification attacks. William Allen Simpson (Jan 28)
    - Re: Tightened DNS security question re: DNS amplification attacks. Douglas C. Stephens (Jan 28)
    - Re: Tightened DNS security question re: DNS amplification attacks. Mark Andrews (Jan 28)
    - Re: Tightened DNS security question re: DNS amplification attacks. jay (Jan 27)
- RE: out-of-band access bandwidth Church, Charles (Jan 27)
- Re: out-of-band access bandwidth chuck goolsbee (Jan 27)
  - Re: out-of-band access bandwidth Leigh Porter (Jan 27)
  - Re: out-of-band access bandwidth Seth Mattinen (Jan 27)
    - Re: out-of-band access bandwidth Leigh Porter (Jan 27)

(Thread continues...)