On Feb 3, 2014, at 10:58 AM, Dobbins, Roland <rdobb...@arbor.net> wrote:
> I'm a big believer in using ACLs to intelligently preclude > reflection/amplification abuse, but wholesale filtering of all UDP takes > matters too far, IMHO. I also think that restricting your users by default to your own recursive DNS servers, plus a couple of well-known, well-run public recursive services, is a good idea - as long as you allow your users to opt out. This has nothing to do with DDoS, but with other types of issues. ----------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
