Re: [nznog] Fwd: [outages] Open Resolver Project

On 11/06/2013, at 9:06 PM, Sebastian Castro wrote:

On 11/06/13 17:53, Nathan Ward wrote:

...

On 11/06/2013, at 1:11 PM, David Robinson wrote:

Something worth noting that I haven't seen mentioned in this thread so far (I skim read it) - most of these open recursor attacks, that I've seen, are for ANY? isc.org - I assume because isc.org have a pretty large zone. You might want to as a first step block those queries at your border, if you have the facility to do so.

Actually is being used too, but less frequently. And for everyone's benefit, isc.org is not used because the zone is large, but because the response is large: a bunch of different records under the same label, isc.org.

Sorry, yes, zone is the wrong word, I meant label :-)

The response for is 3335 bytes, compared with for example which is 1847

is about 2500, for reference. Is that the preferred annotation for a query? -- Nathan Ward