On Thu, Sep 11, 2014 at 09:00:37PM +0800, Roland Dobbins <rdobb...@arbor.net> wrote a message of 29 lines which said:
> FYI, most of these queries seem to be reflected through abusable CPE > devices which are misconfigured by default as open recursors or DNS > forwarders. It may be worth considering investigating, and if this > proves to be the case, blacklisting those netblocks and contacting > the operator(s) in question Many open resolvers do not forward directly but send to a big resolver such as Google Public DNS (which you cannot obviously blacklist). The authoritative name servers therefore do not see directly the open resolver. Source: "Open Resolvers in COM/NET Resolution" by Duane Wessels at OARC 2014 <https://indico.dns-oarc.net/conferenceTimeTable.py?confId=19#20140511> _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs