ietf
[Top] [All Lists]

Re: [DNSOP] Re: Last Call: draft-ietf-dnsop-reflectors-are-evil (Preventing Use of Recursive Nameservers in Reflector Attacks) to BCP

2007-09-28 04:39:29
It does indeed as Stephane pointed out.
Opening up your resolver so you can server roaming users, without further protection, is, at best, naive.

Joao

On 28 Sep 2007, at 12:15, Jaap Akkerhuis wrote:


There are two major reasons for an organization to not want roaming
    users to trust locally-assigned DNS servers.

Open recursive servers doesn't help in against man in the middle
attacks. If you want to avoid that use VPN's or (for DNS) TSIG.

I seem to remember that the ID actually mentions that.

        jaap

_______________________________________________
DNSOP mailing list
DNSOP(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/dnsop


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf