nanog mailing list archives
FW: Open Resolver Problems
From: "Milt Aitken" <milt () net2atlanta com>
Date: Mon, 1 Apr 2013 11:55:34 -0400
Most of our DSL customers have modem/routers that resolve DNS externally. And most of those have no configuration option to stop it. So, we took the unfortunate step of ACL blocking DNS requests to & from the DSL network unless the requests are to our DNS servers. Suboptimal, but it stopped the DNS amplification attacks. -----Original Message----- From: Mikael Abrahamsson [mailto:swmike () swm pp se] Sent: Monday, April 01, 2013 11:51 AM To: Chris Boyd Cc: nanog () nanog org Subject: Re: Open Resolver Problems On Mon, 1 Apr 2013, Chris Boyd wrote:
Just back to the office, and started checking my networks. Found one
of
the resolvers is a Netgear SOHO NAT box. EoL'd, no new firmware available. Anyone have any feeling for what percentage are these
types
of boxes?
If you buy "type of box" mean "small SOHO NAT router which does DNS resolving on the WAN interface" then I'd say "a lot". Someone does a rollout of new software and configuration and happens to mess up the config file (or the vendor just happens to enable global dns resolving in the new software) and this slips through testing, then you're there. I believe this happens all the time. That's why the publication of these lists are important, in a lot of cases there are a lot of people who are simply not aware of these devices doing this, and they need to be poked to notice. -- Mikael Abrahamsson email: swmike () swm pp se
Current thread:
- Re: Open Resolver Problems Jared Mauch (Apr 01)
- Re: Open Resolver Problems Tony Finch (Apr 01)
- Re: Open Resolver Problems Valdis . Kletnieks (Apr 01)
- Re: Open Resolver Problems joel jaeggli (Apr 01)
- Re: Open Resolver Problems John Kristoff (Apr 02)
- Re: Open Resolver Problems Valdis . Kletnieks (Apr 01)
- <Possible follow-ups>
- Re: Open Resolver Problems Chris Boyd (Apr 01)
- Re: Open Resolver Problems Paul Ferguson (Apr 01)
- Re: Open Resolver Problems Mikael Abrahamsson (Apr 01)
- FW: Open Resolver Problems Milt Aitken (Apr 01)
- Re: Open Resolver Problems Patrick W. Gilmore (Apr 01)
- Re: Open Resolver Problems Dobbins, Roland (Apr 01)
- Re: Open Resolver Problems Patrick W. Gilmore (Apr 01)
- Re: Open Resolver Problems Dobbins, Roland (Apr 01)
- Re: Open Resolver Problems Niels Bakker (Apr 01)
- RE: Open Resolver Problems Keith Medcalf (Apr 01)
- Re: Open Resolver Problems Måns Nilsson (Apr 01)
- Re: Open Resolver Problems Mikael Abrahamsson (Apr 01)
- Re: Open Resolver Problems Måns Nilsson (Apr 02)
- Re: Open Resolver Problems Patrick W. Gilmore (Apr 01)
- Re: Open Resolver Problems Tony Finch (Apr 01)
- Re: Open Resolver Problems Niels Bakker (Apr 01)