lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 31 Mar 2006 12:38:36 -0500 (EST)
From: gboyce <gboyce@...belly.com>
To: "Geo." <geoincidents@....net>
Cc: bugtraq@...urityfocus.com
Subject: RE: recursive DNS servers DDoS as a growing DDoS problem


On Thu, 30 Mar 2006, Geo. wrote:

> It's a security issue. He who controls the dns server controls you, yes?
>
> Ok we are talking about locking down DNS like we locked down smtp relay. So
> if you want to send a mail today can you just use any smtp server you want
> or are you severly limited, possibly by a port 25 block which forces you to
> use just your ISP's mail smtp server?
>
> Don't you think creating a control point like that is dangerous? Especially
> dangerous when it's DNS which runs virtually every function on the internet?
>
> It's not a conspiracy theory, it's fact, if you create a control like that
> someone is going to want to control it. I suggest only that we consider this
> along with everything else.

I haven't heard anyone talk about requiring that users use their ISP's DNS 
server.  Just that they should not be able to use any random DNS server on 
the internet.

What is stopping you from running your own local DNS server?  My system at 
home runs named in a configuration that allows any systems on my local 
network to query from it.  That's what I use as my authoritative 
nameserver.

--
Greg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ