[sdnog] Understanding the Origins of Anomalous Open DNS Resolvers

Nishal Goburdhan nishal at controlfreak.co.za
Tue Mar 17 09:03:18 SAST 2015

On 16 Mar 2015, at 15:20, Frank Habicht <geier at geier.ne.tz> wrote:

> Even an NSP would have enterprise customers...
> And if I know them and consider them to be doing harm (say open
> resolvers with real big traffic), then I wouldn't exclude them from some
> "attention" ...

fair enough.  this still counts as a network "edge" though.

> So: firstly the multihomed customers in AS 64512 multihoming 2 times to
> my network are my problem ;-)

perhaps i should have said "dual-homed"  ... 

> For other ASNs, if they have more enterprise character, then see above.
> If they are service providers, then it's about the reputation of their
> network.

thanks.  this answered my question.

> Though a good idea would be if "we all" could put some commercial
> pressure on bad-reputation networks.
> But then there are different layers involved, and things get difficult.
> ;-)

before putting pressure on others, i would first suggest cleaning house first.
there are a variety of things that - as an ISP - you could do internally, including, but not limited to:
* ingress filtering (aka BCP38 / RFC3704 filtering)
* remote triggered black hole 
* AS112 to assist with unwanted DNS queries
... etc.  

perhaps there's place for a network housekeeping tools BOF at the next event? 


More information about the sdnog mailing list