nanog mailing list archives
Re: Open Resolver Problems
From: Jack Bates <jbates () brightok net>
Date: Wed, 27 Mar 2013 16:59:16 -0500
On 3/27/2013 4:49 PM, Tony Finch wrote:
Jack Bates <jbates () brightok net> wrote:3) BCP38 (in spirit)That should be deployed as well as RRL. Tony.
If BCP38 was properly deployed, what would be the purpose of RRL outside of misbehaving clients or direct attacks against that one server?
We already know the fix for spoofing. Trying to tweak every service that spoofing effectively takes advantage of will not be a winning game. Sending legitimate clients to TCP is also a losing game. DNS is UDP for a reason. The infrastructure to switch it to TCP is prohibitive and completely destroys the anycast mechanisms.
Jack
Current thread:
- Re: Open Resolver Problems, (continued)
- Re: Open Resolver Problems Paul Ferguson (Mar 26)
- Re: Open Resolver Problems Mark Andrews (Mar 26)
- Re: Open Resolver Problems William Herrin (Mar 27)
- Re: Open Resolver Problems Joe Abley (Mar 27)
- Re: Open Resolver Problems Tony Finch (Mar 27)
- Re: Open Resolver Problems Jack Bates (Mar 27)
- Re: Open Resolver Problems William Herrin (Mar 27)
- Re: Open Resolver Problems Jack Bates (Mar 27)
- Re: Open Resolver Problems Mark Andrews (Mar 27)
- Re: Open Resolver Problems Tony Finch (Mar 27)
- Re: Open Resolver Problems Jack Bates (Mar 27)
- Re: Open Resolver Problems Tony Finch (Mar 27)
- Re: Open Resolver Problems Joe Abley (Mar 27)
- Re: Open Resolver Problems Valdis . Kletnieks (Mar 27)
- Re: Open Resolver Problems Tony Finch (Mar 27)
- Re: Open Resolver Problems Owen DeLong (Mar 27)
- Re: Open Resolver Problems Marco Davids (Mar 27)
- Re: Open Resolver Problems Jared Mauch (Mar 27)
- Re: Open Resolver Problems Joe Abley (Mar 27)
- Can we not just fix it? WAS:Re: Open Resolver Problems Michael DeMan (Mar 28)
- Re: Can we not just fix it? WAS:Re: Open Resolver Problems David Conrad (Mar 28)