nanog mailing list archives

Re: Shim6, was: Re: filtering /48 is going to be necessary


From: Mark Andrews <marka () isc org>
Date: Tue, 13 Mar 2012 14:12:29 +1100


In message <CAMcDhonQqYuzD5CLLZMBKW1tjQ5H6qmLE9LLJo4Z_H4D3coQRw () mail gmail com>, Josh Hoppes writes:
> Also consider the significantly increased load on DNS servers to
> handle the constant stream of dynamic DNS updates to make this
> possible, and that you have to find some reliable trust mechanism to
> handle these updates because without that you just made man-in-the-
> middle attacks just a little bit easier.

The DNS already supports cryptographically authenticated updates.
There is a good chance that your DHCP server used one of the methods
below when you got your lease.

SIG(0), TSIG and GSS_TSIG all scale appropriately for this.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org
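
Added example (not part of the original message and not ISC code): how a TSIG-authenticated dynamic update, one of the methods named above, is signed and checked. It computes the HMAC-SHA256 MAC that RFC 8945 defines over a minimal RFC 2136 UPDATE, using only the Python standard library; the TSIG record that would carry the MAC on the wire is not built. The key name, secret, zone, host, addresses and timestamp are constructed sample values.

```python
import hashlib, hmac, ipaddress, struct

def wire_name(name: str) -> bytes:
    """Domain name in uncompressed, lowercased DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_update(msg_id: int, zone: str, host: str, addr: str, ttl: int = 300) -> bytes:
    """Minimal RFC 2136 UPDATE: one zone entry, one AAAA record to add."""
    rdata = ipaddress.IPv6Address(addr).packed
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)  # opcode 5 = UPDATE
    zone_section = wire_name(zone) + struct.pack("!HH", 6, 1)      # type SOA, class IN
    record = wire_name(host) + struct.pack("!HHIH", 28, 1, ttl, len(rdata)) + rdata
    return header + zone_section + record

def tsig_mac(msg, key_name, secret, time_signed, fudge=300) -> bytes:
    """HMAC-SHA256 over the message followed by the TSIG variables (RFC 8945)."""
    variables = (wire_name(key_name)
                 + struct.pack("!HI", 255, 0)          # class ANY, TTL 0
                 + wire_name("hmac-sha256")            # algorithm name
                 + time_signed.to_bytes(6, "big")      # 48-bit time signed
                 + struct.pack("!HHH", fudge, 0, 0))   # fudge, error, other len
    return hmac.new(secret, msg + variables, hashlib.sha256).digest()

def verify(msg, mac, key_name, secret, time_signed, now, fudge=300) -> bool:
    """Server side: reject stale timestamps, then compare MACs in constant time."""
    if abs(now - time_signed) > fudge:
        return False
    expected = tsig_mac(msg, key_name, secret, time_signed, fudge)
    return hmac.compare_digest(mac, expected)

# Constructed sample values (not from the original message).
KEY_NAME = "dhcp-ddns.example.com."
SECRET = b"constructed-shared-secret-for-demo"
SIGNED_AT = 1331608349
MSG = build_update(0x1A2B, "example.com.", "host1.example.com.", "2001:db8::10")
MAC = tsig_mac(MSG, KEY_NAME, SECRET, SIGNED_AT)
FORGED = build_update(0x1A2B, "example.com.", "host1.example.com.", "2001:db8::bad")

if __name__ == "__main__":
    print("genuine update :", verify(MSG, MAC, KEY_NAME, SECRET, SIGNED_AT, SIGNED_AT + 5))
    print("altered address:", verify(FORGED, MAC, KEY_NAME, SECRET, SIGNED_AT, SIGNED_AT + 5))
    print("replayed later :", verify(MSG, MAC, KEY_NAME, SECRET, SIGNED_AT, SIGNED_AT + 3600))
```

An update whose address was altered in transit, or one replayed outside the fudge window, fails the check even though the MAC bytes themselves are unchanged.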

