nanog mailing list archives

Re: Open Resolver Problems

From: Tony Finch <dot () dotat at>
Date: Wed, 27 Mar 2013 21:49:17 +0000

Jack Bates <jbates () brightok net> wrote:

You'll also find that [DNS RRL] serves little purpose.


In my experience it works extremely well. Yes it is possible to work
around it, but you still need to stop the attacks that are happening now.
It is good to make the attacker's job harder.

1) tcp


RRL pushes legitimate clients to TCP if they get muddled up with attack
traffic.

2) require all requests to pad out to maximum response


I expect that is as easy to deploy as BCP38, IPv6, and DNSSEC.

3) BCP38 (in spirit)


That should be deployed as well as RRL.

Tony.
-- 
f.anthony.n.finch  <dot () dotat at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

Current thread:

Re: Open Resolver Problems, (continued)
- - - Re: Open Resolver Problems Mark Andrews (Mar 26)
    - Re: Open Resolver Problems Paul Ferguson (Mar 26)
    - Re: Open Resolver Problems Mark Andrews (Mar 26)
    - Re: Open Resolver Problems William Herrin (Mar 27)
    - Re: Open Resolver Problems Joe Abley (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Jack Bates (Mar 27)
    - Re: Open Resolver Problems William Herrin (Mar 27)
    - Re: Open Resolver Problems Jack Bates (Mar 27)
    - Re: Open Resolver Problems Mark Andrews (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Jack Bates (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Joe Abley (Mar 27)
    - Re: Open Resolver Problems Valdis . Kletnieks (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Owen DeLong (Mar 27)
    - Re: Open Resolver Problems Marco Davids (Mar 27)
    - Re: Open Resolver Problems Jared Mauch (Mar 27)
    - Re: Open Resolver Problems Joe Abley (Mar 27)
    - Can we not just fix it? WAS:Re: Open Resolver Problems Michael DeMan (Mar 28)

(Thread continues...)