[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Open Resolver Problems

On Mon, 25 Mar 2013 10:22:08 -0400, Jared Mauch said:
> Some basic stats:
> 27 million resolvers existed as of this dataset collection
> only 2.1 million of them were "closed".
> We have a lot to do to close the hosts, please do what you can to help.

What's the current BCP on how to deal with mobile devices that hard-code
your resolvers in their equivalent of /etc/resolv.conf (often because the
owner of the device trusts their emnployers/whatever resolver more than they
trust the DNS server that the hotel DHCP pointed them at)?

(And yes, I *know* that "point at your employers DNS" works against a
threat model of "local provider is an idiot" and fails against "local
provider is willing to spoof replies from other DNS servers")
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130325/f98b5ab4/attachment-0001.bin>