IPv4 ANYCAST setup

Randy Bush randy at psg.com
Tue Mar 30 03:43:25 CDT 2010

>>> I have talked to multiple security officers (who are generally not  
>>> really knowledgeable on networks) who had 53/tcp blocked and none  
>>> have yet agreed to change it.
>> patience.  when things really start to break, and the finger of fate  
>> points at them, clue may arise.
> 36 days until all root servers have DNSSEC data, at which point large
> replies become normal.

are end user tools, i.e. a web click a button, available so they can
test if they are behind a clueless security id10t?

is there good simple end user docco they are somewhat likely to find
when things break for them?

i.e. what can we do to maximize the odds that the victim will quickly
find the perp, as opposed to calling our our tech support lines?


More information about the NANOG mailing list