"Recursive no;" implications?
Alan Clegg
alan at clegg.com
Wed Jan 22 13:28:38 UTC 2014
On Jan 22, 2014, at 3:43 AM, Steven Carr <sjcarr at gmail.com> wrote:
> On 22 January 2014 05:29, LuKreme <kremels at kreme.com> wrote:
>> in the options on the master and slave DNS servers (along with any other specific IPs that I want to/need to allow). Given the risks in allowing recursion for the wilds of the Internet, how are companies like Google able to allow access to 8.8.8.8 and 8.8.4.4 without being used for these DDOS attacks?
>
> Well they probably are being subjected to DDoS all the time, but
> Google uses their own DNS implementation so more than likely they have
> written in functionality to rate-limit and block specific
> clients/requests. They also have a lot of bandwidth and they have a
> lot of servers, using Anycast for distribution.
> http://en.wikipedia.org/wiki/Google_Public_DNS
In addition to being rate-limited, blocking, etc., I'm sure the Google servers are instrumented as data collection devices and are providing data back to someone regarding what DNS is actually doing and being used for.
Why else would they do it? 8-)
AlanC
--
Alan Clegg | +1-919-355-8851 | alan at clegg.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140122/22d3797b/attachment.bin>
More information about the bind-users
mailing list