nanog mailing list archives
Re: What DNS Is Not
From: David Ulevitch <davidu () everydns net>
Date: Tue, 10 Nov 2009 10:17:15 -0500
On 11/10/09 9:04 AM, sthaug () nethelp no wrote:
When the conficker worms phones home to one of the 50,000 potential domains names it computes each day, there are a lot of IT folks out there that wish their local resolver would simply reject those DNS requests so that infected machines in their network fail to phone home.That's an extremely bad idea: many of the domains generated by the Conficker algorithm are already registered by a legitimate registrant (in .FR: the national railways, a national TV, etc).It's an idea that needs to be used *with caution*. We did something similar as part of testing a new DNS product, and found that any such list of domain names needed to be *manually* vetted before being used as input to a DNS-based blackhole system. We also found that we had to explicitly whitelist a number of domains (generated by Conficker but registered many years ago and pretty clearly legit).
This is correct. And we take this into consideration in determining what to block using our existing datasets, which are sufficient considering the volume of DNS traffic that crosses our network.
-David
Current thread:
- Re: What DNS Is Not, (continued)
- Re: What DNS Is Not Florian Weimer (Nov 11)
- RE: What DNS Is Not Jason Granat (Nov 11)
- Re: What DNS Is Not Patrick W. Gilmore (Nov 11)
- Re: What DNS Is Not sthaug (Nov 11)
- Re: What DNS Is Not Valdis . Kletnieks (Nov 11)
- Re: What DNS Is Not David Ulevitch (Nov 11)
- Re: What DNS Is Not Florian Weimer (Nov 12)
- Re: What DNS Is Not David Ulevitch (Nov 10)
- Re: What DNS Is Not Stephane Bortzmeyer (Nov 10)
- Re: What DNS Is Not sthaug (Nov 10)
- Re: What DNS Is Not David Ulevitch (Nov 10)
- Re: What DNS Is Not Jack Bates (Nov 09)
- Re: What DNS Is Not Patrick W. Gilmore (Nov 09)
- Re: What DNS Is Not Kevin Oberman (Nov 09)
- Re: What DNS Is Not Paul Vixie (Nov 12)
- RE: What DNS Is Not Warren Bailey (Nov 12)
- Re: What DNS Is Not bmanning (Nov 09)
- RE: What DNS Is Not Buhrmaster, Gary (Nov 09)
- Re: What DNS Is Not David Andersen (Nov 09)
- Re: What DNS Is Not bmanning (Nov 09)
- Re: What DNS Is Not Patrick W. Gilmore (Nov 09)