mailing list archives
Re: DOS attack against DNS?
From: Paul Vixie <vixie () vix com>
Date: 16 Jan 2006 18:12:25 +0000
joelja () darkwing uoregon edu (Joel Jaeggli) writes:
people inside one of the largest networks have told me that they have
customers who require the ability to bypass BCP38 restrictions, and that
they will therefore never be fully BCP38 compliant. ...
Consider people in the rest of the world who may purchase simplex
satellite links. By definition they inject traffic in places they aren't
announcing their route from.
yup, those are exactly the customers i was told about. (see above.) however,
there's still a way to filter-list the various interfaces -- it's just harder
than letting the routing table imply your filter-list for you. also however,
if these were the only customers who weren't made to follow BCP38, there would
not be a global BCP38-related problem right now. or, as i said before:
i've asked for BCP38 to become the default on all their other present
and future customers ...
Re: DOS attack against DNS? Paul Vixie (Jan 15)
Re: DOS attack against DNS? Alon Tirosh (Jan 17)