[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Tightened DNS security question re: DNS amplification attacks.

Subject: Tightened DNS security question re: DNS amplification attacks.
From: fweimer at bfk.de (Florian Weimer)
Date: Thu, 29 Jan 2009 14:01:15 +0100
In-reply-to: <[email protected]> (Mark Andrews's message of "Thu, 29 Jan 2009 16:18:12 +1100")
References: <[email protected]>

* Mark Andrews:

> 	The most common reason for recursive queries to a authoritative
> 	server is someone using dig, nslookup or similar and forgeting
> 	to disable recursion on the request.

dnscache in "forward only" mode also sets the RD bit, and apparently
does not restrict itself to the configured forwarders list.  (This is
based on a public report, not on first-hand knowledge.)

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstra?e 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

Follow-Ups:
- Tightened DNS security question re: DNS amplification attacks.
  - From: phil.pennock at spodhuis.org (Phil Pennock)

References:
- Tightened DNS security question re: DNS amplification attacks.
  - From: Mark_Andrews at isc.org (Mark Andrews)

Prev by Date: ISP Unbundling circuits
Next by Date: ISP Unbundling circuits
Previous by thread: Tightened DNS security question re: DNS amplification attacks.
Next by thread: Tightened DNS security question re: DNS amplification attacks.
Index(es):
- Date
- Thread