On Thu, Sep 11, 2014 at 09:00:37PM +0800,
 Roland Dobbins <rdobb...@arbor.net> wrote 
 a message of 29 lines which said:

> FYI, most of these queries seem to be reflected through abusable CPE
> devices which are misconfigured by default as open recursors or DNS
> forwarders.  It may be worth considering investigating, and if this
> proves to be the case, blacklisting those netblocks and contacting
> the operator(s) in question

Many open resolvers do not forward directly but send to a big resolver
such as Google Public DNS (which you cannot obviously blacklist). The
authoritative name servers therefore do not see directly the open
resolver.

Source: "Open Resolvers in COM/NET Resolution" by Duane Wessels at
OARC 2014
<https://indico.dns-oarc.net/conferenceTimeTable.py?confId=19#20140511>

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

Reply via email to