nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Interesting new dns failures

From: Gadi Evron <ge () linuxbox org>
Date: Tue, 22 May 2007 16:16:18 -0500 (CDT)

On Tue, 22 May 2007, David Ulevitch wrote:




<snip>


These questions, and more (but I'm biased to DNS), can be solved at the 
edge for those who want them.  It's decentralized there.  It's done the 
right way there.  It's also doable in a safe and fail-open kind of way.

This is what I'm talking about.


Agreed.


After all, nobody's security being affected by the edge of some end-user
machine on the other side of the world is irrelevant to my edge
security. FUSSP.

DNS abuse is mostly not an edge issue.


I disagree. DNS is the enabler for many many issues which are edge 
issues.  (Botnets, spam, etc)


There you did it, you said the B word. Now all the off-topic screamers
will flame. :)

Botnets, spam, etc. are symptoms, and DNS is abused to help them
along. DNS abuse, i.e. abuse of DNS, is a DNS issue.

David, we agree - just talking of similar issues which are.. different.

        Gadi.
Previous By Date Next
Previous By Thread Next

Current thread: