[dns-operations] A Case Against DNSSEC (A Matasano Miniseries)

Matt Larson mlarson at verisign.com
Tue Apr 3 18:51:16 UTC 2007

On Tue, 03 Apr 2007, Rodney Joffe wrote:
> I remain (October 2002) convinced that no matter what "solution[s]"  
> we end up with, we'll *have* to include a control plane, in some form  
> or another.

Could you please give an example of what you mean by DNS control plane

When you proposed this idea in late 2002, Rodney, I recall that it was
in response to the October, 2002 DDoS attacks and involved creating a
VPN of sorts to ensure that participants in the scheme always got
their queries answered by using dedicated paths to your (and other
providers') infrastructure.  That sounds like creating multiple
classes of service, not a control plane.

VeriSign's DDoS mitigation strategy was and remains to spend the money
and devote the engineering necessary to over provision to handle what
comes at us.


More information about the dns-operations mailing list