mailing list archives
Re: AS8584 taking over the internet
From: Hank Nussbacher <hank () ibm net il>
Date: Fri, 10 Apr 1998 09:49:46 +0200
At 07:25 PM 4/9/98 -0400, Scott Huddle wrote:
I have and remain unconvinced and or confused ;) The proposal allows
an operator to verify a valid origin AS for a given prefix (i.e. "config"
sorry if I'm being loose with the word) by using the DNS system with
"bgp.in-addr" extensions. I'm not sure which part of the random
route announcement problem that dnssec solves in this case? It can
help with the "are they indeed are who they say they are", but it
doesn't solve the "are they supposed to be doing what they said that
they're doing" case.
Has anyone benchmarked how long it will take to resolve 50,000 bgp.in-addr's
after a line hiccup or a "clear ip bgp *"? -Hank
And you didn't address my paranoia about not trusting the DNS ;)
you may wish to read the draft. it did not suggest using the dns to
configure. and you may also want to look into dnssec.
- Re: AS8584 taking over the internet, (continued)