nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AS8584 taking over the internet

From: Hank Nussbacher <hank () ibm net il>
Date: Fri, 10 Apr 1998 09:49:46 +0200
At 07:25 PM 4/9/98 -0400, Scott Huddle wrote:

I have and remain unconvinced and or confused ;)  The proposal allows
an operator to verify a valid origin AS for a given prefix (i.e. "config"
sorry if I'm being loose with the word) by using the DNS system with
"bgp.in-addr" extensions.  I'm not sure which part of the random 
route announcement problem that dnssec solves in this case?  It can
help with the "are they indeed are who they say they are", but it 
doesn't solve the "are they supposed to be doing what they said that 
they're doing" case.


Has anyone benchmarked how long it will take to resolve 50,000 bgp.in-addr's
after a line hiccup or a "clear ip bgp *"?   -Hank



And you didn't address my paranoia about not trusting the DNS ;)

-scott


you may wish to read the draft.  it did not suggest using the dns to
configure.  and you may also want to look into dnssec.

randy
Previous By Date Next
Previous By Thread Next

Current thread: