[dns-operations] Why would an MTA issue an ANY query instead of an MX query?
Warren Kumari
warren at kumari.net
Tue Jun 12 16:41:38 UTC 2012
On Jun 12, 2012, at 11:42 AM, Vernon Schryver wrote:
>> From: Tony Finch <dot at dotat.at>
>
>>> Yes, how is BCP 38 deployment going?
>>
>> Someone on NANOG recently mentioned http://spoofer.csail.mit.edu/
>
> http://rbeverly.net/research/papers/spoofer-imc09.html
> and the last slides in
> http://rbeverly.net/research/papers/spoofer-imc09-presentation.pdf
> suggest that relying on BCP 38 deployment is unsound.
<tilting at windmills>
Please, *Please*, PLEASE, *PLEASE*, pretty please with cherries on the top, if you haven't implemented BCP38 protection / source filtering / uRPF (trying to hit the keywords) protection yet, please do…
Also, please require it in RFPs, when you talk to networky people ask them if they have implemented and if not, hit them with a clue-stick.
</tilting at windmills>
I'm *sure* everyone here has already implemented BCP38 in all the applicable places, right? right?!. But just in case not, "for shame". Go on, it's important and it's not that hard[0]...
W
[0]: Yes, I understand that you have multihomed customers, and they like to randomly start announcing new space, but you already have BGP prefix filters, don't you? don't you?!!. Yup, and some folk have really old cruddy boxes that don't do line rate ACLs… and that idiot George in the NOC who keeps dropping ACLs in case that fixes some unrelated problem, and, and, and… but go on, make the effort…
>
>
> Vernon Schryver vjs at rhyolite.com
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
--
Hope is not a strategy.
-- Ben Treynor, Google
More information about the dns-operations
mailing list