[–] devicenull 13y ago ↗ Another reminder: If you're running DNS servers, make sure you are not providing recursion: http://openresolverproject.org/ [–] marshray 13y ago ↗ Had dnsimple failed to do so? Did it help?Because Easydns http://blog.easydns.org/2013/06/04/post-mortem-of-the-june-3... said "While most of these typically use open resolvers, it is also now common to use authoritative nameservers in reflection attacks".Can we end the "War on 'Open' Internet (Resolvers)" now?Because I don't think an organized crackdown on "open" authoritative nameservers is in the best interests of our freedom. [–] aeden 13y ago ↗ No, this was not due to open resolvers in this case. We do not run public resolvers - we only provide authoritative DNS. [–] devicenull 13y ago ↗ We can end the war on open revolvers when we stop getting hit with multi-gigabit DDOS attacks from open revolvers.
[–] marshray 13y ago ↗ Had dnsimple failed to do so? Did it help?Because Easydns http://blog.easydns.org/2013/06/04/post-mortem-of-the-june-3... said "While most of these typically use open resolvers, it is also now common to use authoritative nameservers in reflection attacks".Can we end the "War on 'Open' Internet (Resolvers)" now?Because I don't think an organized crackdown on "open" authoritative nameservers is in the best interests of our freedom. [–] aeden 13y ago ↗ No, this was not due to open resolvers in this case. We do not run public resolvers - we only provide authoritative DNS. [–] devicenull 13y ago ↗ We can end the war on open revolvers when we stop getting hit with multi-gigabit DDOS attacks from open revolvers.
[–] aeden 13y ago ↗ No, this was not due to open resolvers in this case. We do not run public resolvers - we only provide authoritative DNS.
[–] devicenull 13y ago ↗ We can end the war on open revolvers when we stop getting hit with multi-gigabit DDOS attacks from open revolvers.
[–] kmasters 13y ago ↗ Dont care about DNS, its your problem, fix it and stop whining about hackers. [–] darkarmani 13y ago ↗ What do you use a massive /etc/hosts file? [–] staunch 13y ago ↗ I just use IPs and netcat. Accessing sites via SSL is a good mental workout.
[–] darkarmani 13y ago ↗ What do you use a massive /etc/hosts file? [–] staunch 13y ago ↗ I just use IPs and netcat. Accessing sites via SSL is a good mental workout.
[–] bigiain 13y ago ↗ Is there something "going on" with DNS DDOS right now, or have I just happened to notice several in the last few days? cloudns.net, EasyDNS, and now dnsimple.com - all in the last week... [–] 501 13y ago ↗ I don't think it's anything out of the ordinary. Attacks happen quite regularly, most are mitigated quickly and quietly.
[–] 501 13y ago ↗ I don't think it's anything out of the ordinary. Attacks happen quite regularly, most are mitigated quickly and quietly.
[–] kmasters 13y ago ↗ I want to apologize for my earlier downvoted comment by saying that, I only said what anyone in a software organization would say. eg your boss.If you dont know how to run DNS, then your the wrong guy to be running it.Dont come out in public and whine about hackers. Its your job and yours alone to know how DNS works and what to do.Its not even mildly interesting anymore than TCP/IP is interesting. So do your job.Thats what my boss would tell me and thats what your boss should tell you.Its not mean what Im saying. Its the truth. [–] 501 13y ago ↗ There's nothing whiny about it. They're explaining to their customers what happened which is a part of their job.
[–] 501 13y ago ↗ There's nothing whiny about it. They're explaining to their customers what happened which is a part of their job.
12 comments
[ 2.7 ms ] story [ 45.4 ms ] threadBecause Easydns http://blog.easydns.org/2013/06/04/post-mortem-of-the-june-3... said "While most of these typically use open resolvers, it is also now common to use authoritative nameservers in reflection attacks".
Can we end the "War on 'Open' Internet (Resolvers)" now?
Because I don't think an organized crackdown on "open" authoritative nameservers is in the best interests of our freedom.
If you dont know how to run DNS, then your the wrong guy to be running it.
Dont come out in public and whine about hackers. Its your job and yours alone to know how DNS works and what to do.
Its not even mildly interesting anymore than TCP/IP is interesting. So do your job.
Thats what my boss would tell me and thats what your boss should tell you.
Its not mean what Im saying. Its the truth.