Maintained by: NLnet Labs

[Unbound-users] Unbound as public DNSSEC resolver

Kevin Chadwick
Wed Oct 13 21:10:57 CEST 2010

On Wed, 13 Oct 2010 14:20:56 -0400 (EDT)
Paul Wouters <paul at> wrote:

> On Wed, 13 Oct 2010, Carsten Strotmann wrote:
> > If "public" meant a DNS Resolver that can be used by anyone, without
> > restrictions to local clients/networks/ip addresses, than yes, it is a
> > bad thing and not recommended
> I disagree it is a bad thing. I run open resolvers on purpose as a service.
> Just because some abuse happens does not make it evil.

I definately agree

> If you say "unmaintained publiv DNS servers are bad" then I'll agree.
> Apart from that, I think the botnets have reached sizes where DNS amplification
> is really not that much of tool anymore to DOS a network link.

I see what your saying but I could never agree. Be prepared. Who's to
say all attackers have eyes for one network at a time. Someone took
down a whole country (russia is the accused) and cyber warfare is meant
to be on it's way. But like spam, as long as their are other dns
resolvers that are easier targets then they probably! won't bother with