[dns-operations] How many kinds of DNS DoS attacks are we trying to stop ?

bert hubert bert.hubert at netherlabs.nl
Thu Sep 27 20:55:45 UTC 2012


On Thu, Sep 27, 2012 at 08:45:43PM +0000, paul vixie wrote:
> On 9/27/2012 8:43 PM, bert hubert wrote:
> > We should therefore not forget to deploy something that works on the
> > not so sophisticated attacks we see today, and not immediately shoot
> > for the stars. ...
> 
> bert, it's hard to tell from this whether you know about DNS RRL, have
> studied it, and think it missed the mark? --paul

I did not intend to make a remark about RRL. From what I've seen, it looks
very useful, and I have no beef with it at all. 

As engineers, we often forget that the perfect is the enemy of the good.
This should not stop us from deploying the good.

That was the only thing I wanted to add.

	Bert




More information about the dns-operations mailing list