Hi Stephane, thanks for setting up the TCP open reolver, I just tried, it works great!
I think for researchers, DNS looking glasses + TCP-only open resolvers would be enough. The TC=1 hack I proposed is just a workaround for normal off-net users. On Mon, Apr 1, 2013 at 8:07 AM, Stephane Bortzmeyer <[email protected]>wrote: > On Sun, Mar 31, 2013 at 12:54:23PM -0400, > Paul Wouters <[email protected]> wrote > a message of 34 lines which said: > > > Not true. unbound allows you to only accept clients using TCP. > > Ah, thanks, I should read the documentation more closely. > > OK, I've set up an open resolver (best effort only) with this > configuration at 95.142.170.138 / 2001:4b98:dc0:47:216:3eff:fe1b:4672. > Does anyone see a security issue with such TCP-only open resolvers? > > Xun Fan, do you think such TCP-only open resolvers, alone, or together > with DNS looking glasses <http://www.bortzmeyer.org/dns-lg.html> could > be sufficient for researchers? > > > >
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
