24 Jul
2008
24 Jul
'08
4:33 a.m.
in light of the recently-discussed vulnerability (details of which are now public) and the exploit now available, do any of the affected ISPs think it might be prudent to stop letting the whole Internet recurse through their recursive nameservers? testing from an IP in the USA, I was able to make recursive queries at six major NZ ISPs, and there are no doubt more. I won't bother naming, it's trivial for anyone to figure it out for themselves, and the affected ISPs (should) know who they are. answering recursive queries from anywhere removes the need to get a client on the ISP's network to look up names for you in order to poison the cache of the recursor... -jasper