Excessive query by open DNS
Barry Margolin
barmar at alum.mit.edu
Sat Oct 11 03:41:10 UTC 2008
In article <gcom1o$d1q$1 at sf1.isc.org>,
Scott Haneda <talklists at newgeo.com> wrote:
> I have read all your responses, and appreciate the help on this one.
> I have a few questions still.
>
> Is returning non-publicly routable addresses such as 192. and 127. etc
> in the public side of DNS allowed? I read once it was generally
> frowned upon, but am not sure it is technically in violation of any RFC.
RFC 1918 says these records shouldn't be visible outside the enterprise
because they'll be ambiguous. However, in practice it's not uncommon,
and should rarely cause any operational problems.
> I consider this issue with OpenDNS to be a vulnerability, and a DDoS
> vector, correct me if I am wrong. OpenDNS can generate, in my tests,
> around 70 queries per second to my NS. The qualifications are that my
> NS be the SOA, but not have any zone data loaded. OpenDNS asks for
> whatever you request, and then asks again, and again, and again.
Is this behavior specific to OpenDNS? When I've looked at our
nameserver logs, I see lots of repeated queries from many different
sources.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
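
Added example (not part of the original message): one way to check from a nameserver's own query log whether repeated identical queries come from a single source or from many, which is the question the reply raises. It assumes BIND 9's query-log line layout; the sample lines, addresses, names and the function repeat_report are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in the BIND 9 query-log layout (documentation
# addresses and names; not taken from the thread).
SAMPLE_LOG = """\
11-Oct-2008 03:41:10.101 queries: info: client 192.0.2.10#41022: query: www.example.net IN A -
11-Oct-2008 03:41:10.350 queries: info: client 192.0.2.10#41023: query: www.example.net IN A -
11-Oct-2008 03:41:10.720 queries: info: client 192.0.2.10#41024: query: www.example.net IN A -
11-Oct-2008 03:41:10.900 queries: info: client 198.51.100.7#5301: query: www.example.net IN A -
11-Oct-2008 03:41:11.200 queries: info: client 192.0.2.10#41025: query: www.example.net IN A -
11-Oct-2008 03:41:12.400 queries: info: client 198.51.100.7#5302: query: mail.example.net IN MX -
11-Oct-2008 03:41:12.900 queries: info: client 203.0.113.5#6000: query: www.example.net IN A -
not a query line
"""

# Accepts the older "client ip#port: query:" form and the newer form that adds
# "@0x..." and "(qname)" between "client" and "query:".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*?: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def repeat_report(log_text, min_repeats=3):
    """Map each client IP to its worst count of one identical (qname, qtype)
    query within a single second, keeping clients at or above min_repeats."""
    per_second = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip non-query or malformed lines
        second = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        per_second[(m["ip"], m["qname"].lower(), m["qtype"], second)] += 1
    worst = defaultdict(int)
    for (ip, _qname, _qtype, _second), count in per_second.items():
        worst[ip] = max(worst[ip], count)
    return {ip: n for ip, n in worst.items() if n >= min_repeats}

if __name__ == "__main__":
    print(repeat_report(SAMPLE_LOG))
```

If more than one source shows up in the result, the repetition is not specific to a single resolver.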