[dns-operations] A Case Against DNSSEC (A Matasano Miniseries)

Rob Thomas robt at cymru.com
Wed Apr 4 16:14:27 UTC 2007

> Not everyone can afford to over provision, regardless of how
> responsible they are.  There maybe limits to what's available to over
> provision with.  Sometimes you have to get crafty.

Agreed, as well as verify, verify, verify.  I'm not the only person  
who has obtained GigE only to find out that the egress from the  
router is only, say, OC12.

Massive over-provisioning at the edge is fine, but it isn't the only  
location of finite resources.  A 22Gbps attack can wipe out a lot of  
gear and pipes on its way to its intended target.  The miscreants are  
often clever enough to figure out the weak points and go after them,  
instead of attempting to fill the deepest bucket.

Rob Thomas
Team Cymru
cmn_err(do_panic, "Out of coffee!");

More information about the dns-operations mailing list