nanog mailing list archives

Re: Open Resolver Problems

From: Jack Bates <jbates () brightok net>
Date: Wed, 27 Mar 2013 09:46:10 -0500

On 3/27/2013 9:34 AM, William Herrin wrote:

On Wed, Mar 27, 2013 at 10:00 AM, Jack Bates <jbates () brightok net> wrote:


Tracking the clients would be a huge dataset and be especially complicated
in clusters. They'd be better off at detecting actual attack vectors rather
than rate limiting.

I count this among the several reasons I intend to wait until a
solution has been accepted into the bind mainline.

You'll also find that it serves little purpose. The only 2 methods forstopping DNS amplification to my knowledge are:


1) tcp

2) require all requests to pad out to maximum response

3) BCP38 (in spirit)

The first has latency, load, and connection limitations. It is just tooexpensive.

The second would stop amplification, however, it will not stop botnetsusing them in attempts to hide the bot nodes in a very effective manner.It's also unlikely that we'd ever see it implemented.


The only effective fix is still BCP38 (in spirit).


Jack

Current thread:

Re: Open Resolver Problems, (continued)
- - - Re: Open Resolver Problems Alain Hebert (Mar 27)
    - Re: Open Resolver Problems Jared Mauch (Mar 26)
    - Re: Open Resolver Problems Mark Andrews (Mar 26)
    - Re: Open Resolver Problems Paul Ferguson (Mar 26)
    - Re: Open Resolver Problems Mark Andrews (Mar 26)
    - Re: Open Resolver Problems William Herrin (Mar 27)
    - Re: Open Resolver Problems Joe Abley (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Jack Bates (Mar 27)
    - Re: Open Resolver Problems William Herrin (Mar 27)
    - Re: Open Resolver Problems Jack Bates (Mar 27)
    - Re: Open Resolver Problems Mark Andrews (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Jack Bates (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Joe Abley (Mar 27)
    - Re: Open Resolver Problems Valdis . Kletnieks (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Owen DeLong (Mar 27)
    - Re: Open Resolver Problems Marco Davids (Mar 27)
    - Re: Open Resolver Problems Jared Mauch (Mar 27)

(Thread continues...)