----- Original Message ----- > From: "Roland Dobbins" <rdobb...@arbor.net>
> On Apr 1, 2013, at 11:18 PM, Patrick W. Gilmore wrote: > > Of course, since users shouldn't be using off-net name servers > > anyway, this isn't really a problem! :) > > ;> > > It's easy enough to construct ACLs to restrict the broadband consumer > access networks from doing so. Additional egress filtering would catch > any reflected attacks, per your previous comments. So, how would Patrick's caveat affect me, whose recursive resolver *is on my Linux laptop*? Would not that recursor be making queries he advocates blocking? Or don't I remember DNS well enough? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
