> They don't need more servers, just better software. If you think open
> recursion (DNS DoS amplification) is an issue ISPs can ignore, I suggest
> you look at the history of open SMTP relays and networks
> supporting/allowing directed broadcast.

I'll address the "ignore" part.

I don't think closing recursive DNS servers is going to make squat difference for DNS based flooding, just like closing SMTP relays didn't make squat difference for the spam problem. The spam continues to flow today. Closing SMTP relays solved another problem, server capacity for the ISP, so it was in their interest to close the relays because it ate up their bandwidth and mail server capacity. Has anyone being used for a DNS flood noticed they were being used?

As to the issue of DNS flooding, it doesn't require open recursive servers. I can point the whole domain to someone's website without even having a DNS server of my own simply by using www.domain.com and the target's IP address as one of the authoritative name servers listed with the registrar and target someone that way. All I need to do then is generate queries for a bunch of random.domain.com names; I don't even need to spoof, 20,000 bots talking to their authorized recursive servers should work just fine. Heck, for that matter I don't even need bots, I could just spam the planet and use bob@xxxxxxxxxxxxxxxxx as the return address. (That might even give the amplification required.)

What is closing an open recursive server going to do for the ISP hosting it? I haven't heard anyone screaming that these floods were even noticeable by the folks running the recursive DNS servers. Where is the motivation for the ISP, ISP customer, corporation, university, etc. to do anything?

Yeah, I think they can ignore it until someone decides to target them.

Geo.
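The post argues that the operator of a recursive server has no way of knowing it is being used as a relay for a random-subdomain flood against someone's authoritative server. From the resolver side, that traffic does have a signature: many queries from many clients for never-repeating labels under one registered domain. The following is an added example (not part of the original message or of any tool it mentions) that runs that check over a few constructed BIND-style query-log lines; the log format, thresholds and the two-label approximation of a registered domain are assumptions for the example.

```python
import math
import re
from collections import defaultdict

# Constructed sample lines in BIND-style query-log format (not real traffic).
# Six queries for random-looking labels under example.com, plus ordinary lookups.
SAMPLE_LOG = """\
client 192.0.2.10#40012: query: www.example.net IN A + (198.51.100.1)
client 192.0.2.11#40013: query: x7q2m9.example.com IN A + (198.51.100.1)
client 192.0.2.12#40014: query: kd83jf.example.com IN A + (198.51.100.1)
client 192.0.2.13#40015: query: mail.example.org IN MX + (198.51.100.1)
client 192.0.2.14#40016: query: p0zr4w.example.com IN A + (198.51.100.1)
client 192.0.2.15#40017: query: 9vbq1a.example.com IN A + (198.51.100.1)
client 192.0.2.16#40018: query: www.example.net IN A + (198.51.100.1)
client 192.0.2.17#40019: query: z3n8hy.example.com IN A + (198.51.100.1)
client 192.0.2.18#40020: query: t6c2lk.example.com IN A + (198.51.100.1)
client 192.0.2.19#40021: query: www.example.com IN A + (198.51.100.1)
"""

LINE_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_queries(log_text):
    """Yield (client, qname, qtype) tuples from BIND-style query-log lines."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("client"), m.group("qname").lower().rstrip("."), m.group("qtype")


def registered_domain(qname):
    """Assumed approximation: last two labels. Production code would use the Public Suffix List."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label; random labels score high."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_random_subdomain_floods(log_text, min_unique=5, min_entropy=2.0):
    """Return {domain: stats} for registered domains whose query mix looks like a
    random-subdomain flood: many distinct leftmost labels with high mean entropy.
    Thresholds are assumed values for the example, not tuned recommendations."""
    per_domain = defaultdict(lambda: {"queries": 0, "labels": set(), "clients": set()})
    for client, qname, _qtype in parse_queries(log_text):
        dom = registered_domain(qname)
        stats = per_domain[dom]
        stats["queries"] += 1
        stats["clients"].add(client)
        # Leftmost label of whatever sits below the registered domain.
        prefix = qname[: -len(dom)].rstrip(".") if qname != dom else ""
        if prefix:
            stats["labels"].add(prefix.split(".")[0])

    flagged = {}
    for dom, stats in per_domain.items():
        labels = stats["labels"]
        if len(labels) < min_unique:
            continue
        mean_entropy = sum(label_entropy(lbl) for lbl in labels) / len(labels)
        if mean_entropy >= min_entropy:
            flagged[dom] = {
                "queries": stats["queries"],
                "unique_labels": len(labels),
                "clients": len(stats["clients"]),
                "mean_entropy": round(mean_entropy, 2),
            }
    return flagged


if __name__ == "__main__":
    for dom, stats in find_random_subdomain_floods(SAMPLE_LOG).items():
        print(f"{dom}: {stats}")
```

On the sample lines only example.com is flagged: seven distinct labels, six of them random-looking, from seven clients. The same aggregation over a real resolver's query log (per-domain unique-label count and entropy per time window) gives the operator the visibility the post says is missing, and the flagged domain is the one whose authoritative servers are absorbing the load.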