Re: [DNSOP] Re: Last Call: draft-ietf-dnsop-reflectors-are-evil (Preventing Use of Recursive Nameservers in Reflector Attacks) to BCP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It does indeed as Stephane pointed out.
Opening up your resolver so you can server roaming users, without further protection, is, at best, naive. 

Joao

On 28 Sep 2007, at 12:15, Jaap Akkerhuis wrote:
There are two major reasons for an organization to not want roaming 
    users to trust locally-assigned DNS servers.

Open recursive servers doesn't help in against man in the middle
attacks. If you want to avoid that use VPN's or (for DNS) TSIG.

I seem to remember that the ID actually mentions that.

	jaap

_______________________________________________
DNSOP mailing list
DNSOP@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/dnsop



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]