Re: [DNSOP] Protocol Action: 'Preventing Use of Recursive Nameservers in Reflector Attacks' to BCP

[Stephane Bortzmeyer <bortzmeyer at nic.fr>]

On Mon, Sep 15, 2008 at 08:39:38AM -0700,
 The IESG <iesg-secretary at ietf.org> wrote 
 a message of 88 lines which said:

> The IESG has approved the following document:
> 
> - 'Preventing Use of Recursive Nameservers in Reflector Attacks '
>    <draft-ietf-dnsop-reflectors-are-evil-06.txt> as a BCP

But DNS reflectors are not evil. Someone found an interesting use for
them:

http://ccr.sigcomm.org/online/?q=node/264

A Study of Prefix Hijacking and Interception in the Internet

[...]

We used recursive DNS nameservers across the Internet to generate
actual traffic destined to the prefix. To this ef- fect, we collected
a list 23,858 of recursive nameservers be- longing to 7,566 of the
18,391 routable ASes on the Internet (based on a BGP routing table
obtained from the Route- Views repository). We also pointed the NS
record for a domain name under our control (prefix.anycast.guha.cc) to
[...]
_______________________________________________
DNSOP mailing list
DNSOP at ietf.org
https://www.ietf.org/mailman/listinfo/dnsop