nanog mailing list archives

Re: DOS attack against DNS?

From: Paul Vixie <vixie () vix com>
Date: 16 Jan 2006 18:12:25 +0000


joelja () darkwing uoregon edu (Joel Jaeggli) writes:

people inside one of the largest networks have told me that they have
customers who require the ability to bypass BCP38 restrictions, and that
they will therefore never be fully BCP38 compliant.  ...


Consider people in the rest of the world who may purchase simplex 
satellite links. By definition they inject traffic in places they aren't 
announcing their route from.


yup, those are exactly the customers i was told about.  (see above.)  however,
there's still a way to filter-list the various interfaces -- it's just harder
than letting the routing table imply your filter-list for you.  also however,
if these were the only customers who weren't made to follow BCP38, there would
not be a global BCP38-related problem right now.  or, as i said before:

i've asked for BCP38 to become the default on all their other present
and future customers ...

-- 
Paul Vixie

Current thread:

DOS attack against DNS? Roy (Jan 14)
- Re: DOS attack against DNS? Mark Andrews (Jan 14)
  - Re: DOS attack against DNS? Jeroen Massar (Jan 15)
    - Re: DOS attack against DNS? Mark Andrews (Jan 15)
    - Re: DOS attack against DNS? Paul Vixie (Jan 16)
    - Re: DOS attack against DNS? Joel Jaeggli (Jan 16)
    - Re: DOS attack against DNS? Paul Vixie (Jan 16)
    - Re: DOS attack against DNS? Daniel Senie (Jan 16)
    - Re: DOS attack against DNS? Mark Andrews (Jan 16)
- Re: DOS attack against DNS? Paul Vixie (Jan 15)
  - Re: DOS attack against DNS? bmanning (Jan 15)
    - Re: DOS attack against DNS? Paul Vixie (Jan 15)
    - Re: DOS attack against DNS? Mark Andrews (Jan 15)
  - Re: DOS attack against DNS? Alon Tirosh (Jan 16)
    - Re: DOS attack against DNS? william(at)elan.net (Jan 16)
    - Re: DOS attack against DNS? Alon Tirosh (Jan 16)
    - Re: DOS attack against DNS? Joe Shen (Jan 17)

(Thread continues...)