Open Resolver Problems

Jack Bates jbates at brightok.net
Wed Mar 27 21:59:16 UTC 2013


On 3/27/2013 4:49 PM, Tony Finch wrote:
> Jack Bates <jbates at brightok.net> wrote:
>
>> 3) BCP38 (in spirit)
> That should be deployed as well as RRL.
>
> Tony.

If BCP38 was properly deployed, what would be the purpose of RRL outside 
of misbehaving clients or direct attacks against that one server?

We already know the fix for spoofing. Trying to tweak every service that 
spoofing effectively takes advantage of will not be a winning game. 
Sending legitimate clients to TCP is also a losing game. DNS is UDP for 
a reason. The infrastructure to switch it to TCP is prohibitive and 
completely destroys the anycast mechanisms.


Jack



