[dns-operations] Limiting DNSSEC-based amplification attacks

Randy Bush randy at psg.com
Wed Jun 29 11:13:27 UTC 2011

> 	Adding overhead to your operation in order to mitigate the
> 	effects of someone else's negligence not only subsidizes that
> 	negligence, but also leads to a situation in which any future
> 	disengagement will likely cause damage and bring blame on
> 	your operation.

i call this the "do gooder" software phenomenon.  when you succeed in
covering the garbage, no one notices and thanks you.  when you make a
mistake in doing it and cause a mess, you become a notorious ass.

do not be liberal in what you accept.  that way lies chaos.


More information about the dns-operations mailing list