On 11/06/13 21:12, Nathan Ward wrote:
On 11/06/2013, at 9:06 PM, Sebastian Castro <sebastian(a)nzrs.net.nz> wrote:
On 11/06/13 17:53, Nathan Ward wrote:
On 11/06/2013, at 1:11 PM, David Robinson <nznog(a)karit.geek.nz> wrote:
Something worth noting that I haven't seen mentioned in this thread so far (I skim read it) - most of these open recursor attacks, that I've seen, are for ANY? isc.org - I assume because isc.org have a pretty large zone. You might want to as a first step block those queries at your border, if you have the facility to do so.
Actually <ripe.net, ANY> is being used too, but less frequently. And for everyone's benefit, isc.org is not used because the zone is large, but because the response is large: a bunch of different records under the same label, isc.org.
Sorry, yes, zone is the wrong word, I meant label :-)
The response for <isc.org, ANY> is 3335 bytes, compared with for example <nz, ANY> which is 1847
<ripe.net, ANY> is about 2500, for reference.
Is that the preferred annotation for a query?
I've used that notation for quite some time, but I'm not certain is a documented convention.
-- Nathan Ward
-- Sebastian Castro DNS Specialist .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 495 2337 mobile: +64 21 400535