DNS deluge for x.p.ctrc.cc

Once upon a time, Rob Thomas <robtcymru.com> said:
> Limit recursion to trusted netblocks and customers.  Do
not permit
> your name servers to provide recursion for the world. 
If you do,
> you will contribute to one of these attacks.

One thing to note: we've discovered that on some common DSL
routers, the
internal DNS caching server is on by default and answers
requests on the
outside IP address.  IIRC some even do it when configured
for NAT.

So, even when you disable outside recursion, things you may
not think of
on the inside of your network may still allow outside DNS
recursion.

-- 
Chris Adams <cmadamshiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough
trouble.

On Fri, 24 Feb 2006, Chris Adams wrote:

> One thing to note: we've discovered that on some
common DSL routers, the
> internal DNS caching server is on by default and
answers requests on the
> outside IP address.  IIRC some even do it when
configured for NAT.
>
> So, even when you disable outside recursion, things you
may not think of
> on the inside of your network may still allow outside
DNS recursion.

Efficient Networks DSL routers suffer from this problem if
DNS servers are 
defined in the DHCP server config on the router.  It's more
of a DNS proxy 
though.  It doesn't do any caching.

------------------------------------------------------------
----------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org
/~jlewis/pgp for PGP public key_________