RE: recursive DNS servers DDoS as a growing DDoS problem

[gboyce <gboyce@xxxxxxxxxxxx>]

On Thu, 30 Mar 2006, Geo. wrote:

> It's a security issue. He who controls the dns server controls you, yes?
>
> Ok we are talking about locking down DNS like we locked down smtp relay. So
> if you want to send a mail today can you just use any smtp server you want
> or are you severly limited, possibly by a port 25 block which forces you to
> use just your ISP's mail smtp server?
>
> Don't you think creating a control point like that is dangerous? Especially
> dangerous when it's DNS which runs virtually every function on the internet?
>
> It's not a conspiracy theory, it's fact, if you create a control like that
> someone is going to want to control it. I suggest only that we consider this
> along with everything else.

I haven't heard anyone talk about requiring that users use their ISP's DNS 
server.  Just that they should not be able to use any random DNS server on 
the internet.

What is stopping you from running your own local DNS server?  My system at 
home runs named in a configuration that allows any systems on my local 
network to query from it.  That's what I use as my authoritative 
nameserver.

--
Greg