[dns-operations] If I were the suspicious type.... (was: DNS Amplification Attacks)
John Palmer (NANOG Acct)
nanog at adns.net
Wed Mar 22 23:40:32 UTC 2006
If I were the suspicious kind, I would think that maybe this is being
used as a way to stop the seemingly unstoppable Inclusive Namespace
One of the things that make it work is the ability to allow internet
users to route around a stubborn ISP. Your ISP doesn't support
Public-Root or UnifiedRoot or ORSC? - Well all of those organizations
have a dozen or so each of public resolvers.
If, and only if, I were the suspicious type, I may think that the old guard
that supports ICANN (ISC and its ilk) may be seeing this as an
opportunity. Make a big stink about this socalled "security problem"
and then advise ISPs to block outbound port 53, thereby denying
their users a choice of DNS providers.
On the other hand, there may be a real risk here. We shall see.
More information about the dns-operations