[as112-ops] DNSSEC?
Thomas Mangin
thomas.mangin at exa-networks.co.uk
Wed Jan 13 13:23:56 UTC 2010
> There's nothing new or revolutionary here. It's just the amplification
> factor of 30x which is cause for concern.
Yes nothing new but it seems that no one planning DNSSEC deployments seems to see any potential harm coming from it.
I guess no one saw the problem of SPAM when SMTP was designed too, it was just a theoretical problem to be dealt with later ...
I have asked a Nominet staff during a Linx meeting (Ray Bellis) what they thought about it and I did not really got what I would call a reassuring answer. The answer is available to Linx members which can access the Linx 67 video archive but in essence it says - we would cope and we do not expect the root to be used more than any other zone to perform the attack, so we do not see this as a problem for Nominet.
I guess I will have the opportunity to re-ask the question on the 21st at UKNOF and perhaps get a answer convincing me that the problem is not made worse by DNSSEC - perhaps even from you :D
Thomas Mangin
Technical Director
--
Exa Networks Limited - http://www.exa-networks.co.uk/
Company No. 04922037 - VAT no. 829 1565 09
27-29 Mill Field Road, BD16 1PY, UK
Phone: +44 (0) 845 145 1234 - Fax: +44 (0) 1274 567646
More information about the as112-ops
mailing list