I recently helped close down an open recursive resolver. It is still getting a lot of queries for isc.org/ANY which get a refused response (unless slipped/dropped by RRL). Granted, this doesn't amplify the attack since REFUSED is a fairly small packet, but it is still traffic to the attacked site.
Given that no properly configured server should be querying this recursive name server for isc.org, why should it respond with anything? Why not just drop the packet for any recursive request if it is not going to answer it? I suppose in the good old days, it was polite to say, "Sorry, I can't answer that." We also used to accept unsolicited commercial emails. The RFCs state we should either reject during SMTP or, if we accept a message, we should either deliver or generate a delivery failure. Now we filter and drop spam on the floor. I don't see these recursive requests as much different than spam.

--
William Brown
Core Hosted Application Technical Team and Messaging Team
Technology Services, WNYRIC, Erie 1 BOCES
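Added example, not part of the original message: a Python sketch that builds the isc.org/ANY query and the matching REFUSED reply in DNS wire format, then compares how many bytes each policy (answer REFUSED versus silently drop) sends toward the spoofed source. It assumes a plain query with no EDNS OPT record and IPv4/UDP framing; the function names are made up for this illustration.

```python
import struct

QTYPE_ANY = 255
RCODE_REFUSED = 5
IP_UDP_OVERHEAD = 20 + 8  # assumption: IPv4 header without options + UDP header


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=QTYPE_ANY, txid=0x1234):
    """Recursive query (RD=1), one question, class IN, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def question_end(msg):
    """Offset just past the first question (name is assumed uncompressed)."""
    pos = 12
    while msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + 1 + 4  # root label + QTYPE + QCLASS


def build_refused(query):
    """REFUSED reply: same ID, QR=1, opcode and RD copied, question echoed."""
    txid, flags = struct.unpack("!HH", query[:4])
    rflags = 0x8000 | (flags & 0x7900) | RCODE_REFUSED
    header = struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0)
    return header + query[12:question_end(query)]


def bytes_toward_victim(n_queries, policy, query):
    """On-the-wire bytes sent to the spoofed source address under each policy."""
    if policy == "drop":
        return 0
    if policy == "refused":
        return n_queries * (len(build_refused(query)) + IP_UDP_OVERHEAD)
    raise ValueError("unknown policy: " + policy)


if __name__ == "__main__":
    q = build_query("isc.org")
    r = build_refused(q)
    print("query bytes:", len(q), "REFUSED bytes:", len(r))
    print("amplification factor:", len(r) / len(q))
    for policy in ("refused", "drop"):
        print(policy, bytes_toward_victim(1000, policy, q), "bytes per 1000 queries")
```
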
