On Tue, Jan 22, 2013 at 09:37:37AM +0100,
 Andreas Papst <andreas.pa...@univie.ac.at> wrote 
 a message of 36 lines which said:

> I'm not sure if it is a good idea to deploy open recursive resolvers

They are not open recursive DNS servers. Read the article 
<http://www.bortzmeyer.org/dns-lg.html>

> around the world again after having pushed so many people to close
> theirs.

??? RFC 5358 was about DNS, not HTTP. It was about attacks using a
spoofed IP address, something which is easy with UDP and very hard
with TCP. I really do not see the problem.

> At least we should consider some reasonable precautions.

There is rate-limiting, as explicitly mentioned in the article.

> A 2nd demur: what is the difference to RIPE Atlas?

1) Atlas is not publicly open.

2) Atlas cannot be queried with a simple REST URL (there is no API
yet).

3) Atlas does not parse the DNS responses for you; you get back a blob
of wire-format DNS and you have to parse it.
