23 Feb
2005
23 Feb
'05
1:22 a.m.
Joe Abley wrote:
There are plenty of examples of worms triggering DNS lookups as they go about their wormly business. I'm not talking about the general background level of junk queries from Windows and other boxes which are either misconfigured or contain poor DNS client implementations.
Evi did a talk on this in Mount Wellington.
So they look for WORKGROUP in DNS? Not weird SRV records or something for Active Directories?
If you're suggesting that blocking 53/udp and 53/tcp would be an effective way to reduce query load on the roots, then yes, I'm sure that would be highly effective. (Simply turning them all off would probably be less effort, however.)
Less drastic: 'man pf.os' -- Juha