<p dir="ltr">Oh, I agree completely - open resolvers are a bad idea to begin with. But so many of them are out there (misconfigured), and major ISPs have them for their customers, that they aren't going away.<br>
</p>
<div class="gmail_quote">On Sep 4, 2013 11:19 AM, "Dave Brockman" <<a href="mailto:dave@brockmans.com">dave@brockmans.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
On 9/4/2013 10:35 AM, David White wrote:<br>
> .... or, is what I just described exactly what DNSSEC is (for you<br>
> DNSSEC geeks out there - this is still 1 aspect of DNS I still<br>
> don't fully understand)<br>
<br>
No, it does nothing of the sort.  The solution to the DNS<br>
amplification issue is the same thing as what we did when people<br>
started abusing SMTP, we shut off open relays.  Shutting down open<br>
resolvers is the logical outcome.  And if you think DNS amplification<br>
factors are huge, check out SNMP amplification factors....<br>
<br>
Regards,<br>
<br>
dtb<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2.0.17 (MingW32)<br>
Comment: Using GnuPG with Thunderbird - <a href="http://www.enigmail.net/" target="_blank">http://www.enigmail.net/</a><br>
<br>
iQEcBAEBAgAGBQJSJ0zZAAoJEMP+wtEOVbcdIC8H/3MPADOs+mJFqsDXutXER6RW<br>
aIWfBhyumecN+U8AApeha9QnqkEJHCkui0rOoGfVVZSdqtFNvkZqwVFRHO/zu4uz<br>
4B9tSAPdX47Na2wWqpAq+iQhFL2LTMnevr8wfhQvf0JPsS/f3spIARn0pRB2cp0T<br>
UNjleFUDEJlTv6MVTcd3s3Fi0jkybRyFSk8Ja13dOq5FnT0ckMyVGeZNttdvsoWm<br>
53E48WufWfXF6OBKpzDizNpYjSkEMXmrUr1khpCmkfk5mDaHk6f/J9PKLZP2f+yv<br>
djk2yK00OxG82v1T607o+AoqWCbji5smPjkfDVG9+86EPVdh0qa2OCNtSLInI+k=<br>
=vb6o<br>
-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
Chugalug mailing list<br>
<a href="mailto:Chugalug@chugalug.org">Chugalug@chugalug.org</a><br>
<a href="http://chugalug.org/cgi-bin/mailman/listinfo/chugalug" target="_blank">http://chugalug.org/cgi-bin/mailman/listinfo/chugalug</a><br>
</blockquote></div>