[nsp-sec] 700K *abused* resolver list?

Mike Lewinski mike at rockynet.com
Tue Apr 14 14:22:28 EDT 2009


Mike Lewinski wrote:

> I'm thinking that additional-from-auth and additional-from-cache may not 
> be available on some of the older BIND 8s that are out there? It may 
> also not be advisable for people who are running combined auth/caching 
> servers? Advice appreciated, TIA!

Replying to myself because the list is a little slow today and I've done 
more research....

Closing recursion alone isn't enough, and mere presence of an IP address 
on the 700K list may not be an accurate indicator of open vs closed 
resolver?

http://www.secureworks.com/research/threats/dns-amplification

I see no functional difference querying "." vs "um."
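The distinction raised in the message above, between a resolver that is open and one that has recursion closed but still sends a large reply, can be read from the response header and the reply size. The sketch below is an added example, not part of the original post: the messages are constructed (uncompressed, so the size ratios are illustrative only), and the function names and verdict labels are hypothetical.

```python
import struct

REFUSED = 5
RA = 0x0080  # "recursion available" flag bit in the DNS header

def encode_name(name):
    """Encode a domain name in DNS wire format (no compression)."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build(flags, answers=(), authority=()):
    """Build a constructed DNS message for the question '. IN NS'."""
    def ns_rr(target):
        rdata = encode_name(target)
        # owner "." + TYPE=NS(2), CLASS=IN(1), TTL, RDLENGTH + RDATA
        return b"\x00" + struct.pack("!HHIH", 2, 1, 518400, len(rdata)) + rdata
    header = struct.pack("!6H", 0x1234, flags, 1, len(answers), len(authority), 0)
    question = b"\x00" + struct.pack("!HH", 2, 1)
    return header + question + b"".join(ns_rr(t) for t in list(answers) + list(authority))

def classify(query, response):
    """Return (verdict, response/query size ratio) from header and lengths."""
    _, flags, _, an, ns, ar = struct.unpack("!6H", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    ratio = round(len(response) / len(query), 1)
    rcode = flags & 0x000F
    if rcode == REFUSED and an + ns + ar == 0:
        verdict = "refused"              # closed, reply no larger than query
    elif flags & RA and an > 0:
        verdict = "open-recursive"       # resolved on the requester's behalf
    elif an == 0 and ns > 0:
        verdict = "closed-but-referral"  # recursion off, reply still amplified
    else:
        verdict = "other"
    return verdict, ratio

# Constructed sample messages (not captured traffic).
ROOTS = [f"{c}.root-servers.net" for c in "abcdefghijklm"]
QUERY = build(0x0100)                                # RD set
SAMPLES = {
    "refused": build(0x8105),                        # QR, RD, RCODE=REFUSED
    "open": build(0x8180, answers=ROOTS),            # QR, RD, RA
    "referral": build(0x8100, authority=ROOTS),      # QR, RD, RA clear
}

if __name__ == "__main__":
    for label, resp in SAMPLES.items():
        print(label, classify(QUERY, resp))
```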
