From: Adam <adam@jaftan.com.au>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [OT] Google's public DNS service
Date: Tue, 08 Dec 2009 21:29:04 +1100
Message-ID: <4B1E2A70.2080501@jaftan.com.au>
In-Reply-To: <hfkcfk$ivj$1@ger.gmane.org>

> I know that anyone can use any DNS server that's exposed to the internet,
> also for free, so what's the big deal about Google?

IMO a DNS server configured that way is poorly configured (unless you're
actually trying to run a public service, as Google is). Instead the use
of BIND's allow-recursion statement (or equivalent) should limit
recursion to only the ISP's customers. So, anyone can use the DNS to look
up any hosted zones, but only the ISP's customers can look up other zones.

The network will need anti-spoofing controls as well. FWIW bigger ISPs
will split their DNSes, with some dedicated to hosting zones and others
dedicated to recursive lookups.

Limiting recursion helps with amplification attacks.
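
The recursion restriction described in the message above, as an added example that is not part of the original post: a BIND 9 named.conf fragment showing the open setting beside the restricted one. The ACL name `customers`, the address ranges (documentation prefixes) and the zone `example.com` are constructed placeholders, not values from the thread.

```conf
// Constructed example: the ACL name and ranges are placeholders for the
// ISP's own customer address space.
acl "customers" {
    localhost;
    192.0.2.0/24;       // documentation prefix (TEST-NET-1), placeholder
    2001:db8::/32;      // documentation prefix, placeholder
};

options {
    recursion yes;

    // Weak setting: any host on the internet can make this server
    // resolve arbitrary names, which is what makes it usable as an
    // amplifier for spoofed-source queries.
    //   allow-recursion { any; };

    // Restricted setting: only customer addresses get recursive
    // lookups, and only they may read answers cached from them.
    allow-recursion   { customers; };
    allow-query-cache { customers; };
};

// Hosted zone: authoritative answers stay available to everyone,
// so outsiders can still look up names in zones served here.
zone "example.com" {
    type master;
    file "example.com.zone";    // placeholder file name
    allow-query { any; };
};
```

`named-checkconf` validates the syntax before a reload. The ACL matches on source address only, so it depends on the anti-spoofing controls the message mentions.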