Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Jaroslav Benkovský
On 02/25/2013 06:26 PM, Graham Beneke wrote: > So what are your thoughts on capturing these queries and answering them > on local resolvers that are <10ms away? There is also a possibility that they *wanted* to avoid your resolver for whatever reason, so clandestinely forcing them to use it is not

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Ray Bellis
On 25 Feb 2013, at 20:11, wbr...@e1b.org wrote: I'm not a guru on much of the consumer equipment, but what I have seen allows you to use whatever DNS settings are pushed out by the ISP as part of DHCP. Just leave that box ticked and you get the ISP's idea of the proper DNS

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Daniel Kalchev
On 26.02.13 04:14, Warren Kumari wrote: Now I realize that lots of folk would prefer to believe that there is something more nefarious happening (and there is nothing really that I can say to change that) but I figured I should at least try to explain why Google provides this... It is of cours

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Graham Beneke
On 25/02/2013 22:02, Carlos M. Martinez wrote: > That said, there is something to be said for easy-to-remember, > easy-to-type, DNS addresses. Why not write an I-D asking IANA for a > couple of very easy addresses that we can all agree to locally anycast ? That thought has crossed my mind but what

Re: [dns-operations] CloudShield advices against dDoS

2013-02-26 Thread Antoin Verschuren
On 25-02-13 16:38, John Kristoff wrote: > > To wit, suggestion #1 is to block query types you know you do not > have answers for. On the face, this may seem sensible and in some > dire, but probably limited scenarios maybe it even helps. To do >

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Carlos M. Martinez
Google might be doing X,Y or Z with DNS data, but IMO, the fact doesn't excuse ISPs border filtering requests or spoofing 8.8.8.8/8.8.4.4 What happened to personal responsibility by the way? Do we really want our ISPs to nanny us just in case Big Evil Google data mines my DNS queries ? Why can't

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Cutler James R
On Feb 26, 2013, at 8:32 AM, Carlos M. Martinez wrote: > > > Google might be doing X,Y or Z with DNS data, but IMO, the fact doesn't > excuse ISPs border filtering requests or spoofing 8.8.8.8/8.8.4.4 > >> There is no business justification for spending the time and money to design and depl

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Carlos M. Martinez
+1 ! On 2/26/13 12:34 PM, Cutler James R wrote: > On Feb 26, 2013, at 8:32 AM, Carlos M. Martinez wrote: > >> >> >> Google might be doing X,Y or Z with DNS data, but IMO, the fact doesn't >> excuse ISPs border filtering requests or spoofing 8.8.8.8/8.8.4.4 >> >>> > > There is no business just

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Mike Jones
On 26 February 2013 14:34, Cutler James R wrote: > On Feb 26, 2013, at 8:32 AM, Carlos M. Martinez wrote: > >> >> >> Google might be doing X,Y or Z with DNS data, but IMO, the fact doesn't >> excuse ISPs border filtering requests or spoofing 8.8.8.8/8.8.4.4 >> >>> > > There is no business justi

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Cutler James R
On Feb 26, 2013, at 11:35 AM, Mike Jones wrote: > I wonder if anyone can come up with a justification for why you would > intercept 8.8.8.8, but not 4.2.2.2, or 141.1.1.1, or 74.82.42.42, > or? > > There are cases where it is arguably OK to intercept DNS traffic, such > as tightly controlled

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Doug Barton
On 02/26/2013 08:35 AM, Mike Jones wrote: I wonder if anyone can come up with a justification for why you would intercept 8.8.8.8, but not 4.2.2.2, or 141.1.1.1, or 74.82.42.42, or? Don't forget 8.8.4.4 :)

Re: [dns-operations] Another whitepaper on DDOS

2013-02-26 Thread Tony Finch
Vernon Schryver wrote: > > From: Tony Finch > > > > In addition to vjs's points, note that DNSSEC makes theft of a domain > > even more visible because it is likely to cause horrible breakage for > > validating users. > > I didn't mention those alarms, because I assumed the domain was > stolen at

Re: [dns-operations] Another whitepaper on DDOS

2013-02-26 Thread Warren Kumari
On Feb 25, 2013, at 8:18 PM, Vernon Schryver wrote: >> From: Tony Finch > But the erroneous transfer of ebay.de would create a disaster with DANE. >>> >>> In what way would DANE make the theft of a domain worse? >> >> In addition to vjs's points, note that DNSSEC makes theft of a domai

Re: [dns-operations] Another whitepaper on DDOS

2013-02-26 Thread Mike Jones
On 26 February 2013 19:45, Tony Finch wrote: > Vernon Schryver wrote: >> > From: Tony Finch >> > >> > In addition to vjs's points, note that DNSSEC makes theft of a domain >> > even more visible because it is likely to cause horrible breakage for >> > validating users. >> >> I didn't mention tho

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Mark Andrews
In message , Mike Jones writes: > On 26 February 2013 14:34, Cutler James R wrote: > > On Feb 26, 2013, at 8:32 AM, Carlos M. Martinez wrote: > > > >> > >> > >> Google might be doing X,Y or Z with DNS data, but IMO, the fact doesn't > >> excuse ISPs border filtering requests or spoofing

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Mike Jones
On 26 February 2013 21:39, Mark Andrews wrote: > > In message > > , Mike Jones writes: >> On 26 February 2013 14:34, Cutler James R wrote: >> > On Feb 26, 2013, at 8:32 AM, Carlos M. Martinez wrote: >> > >> >> >> >> >> >> Google might be doing X,Y or Z with DNS data, but IMO, the fact

Re: [dns-operations] Capturing 8.8.8.8 Traffic

2013-02-26 Thread Ryan Rawdon
On Feb 25, 2013, at 11:46 AM, Carlos M. Martinez wrote: > On principle I would hate my ISP messing around with my traffic, > regardless of any good intentions. > > regards, > > ~Carlos I whole-heartedly agree, which is why it did not sit well with me that Verizon Wireless is (on their 3G net

Re: [dns-operations] Another whitepaper on DDOS

2013-02-26 Thread Edward Lewis
On Feb 22, 2013, at 23:18, David Conrad wrote: > > Has there been any documented attack that would have been prevented by DNSSEC > that one can point to? Well, prevented...no, nothing can ever "prevent" an attack. But I realized yesterday I should answer yes to the question of whether DNSSEC