[dns-operations] How many kinds of DNS DoS attacks are we trying to stop ?

Geoffrey Sisson geoff at dns-oarc.net
Fri Sep 28 09:00:59 UTC 2012

Phil Pennock <dnsop+phil at spodhuis.org> wrote:

> Does anyone have stats on RFC 4470 deployment?  Has it reached
> "ignorable" status?

As primary author of the complementary RFC 4471, I know of no one
who has deployed "white lies" in production.  I'd be curious to know
if anyone knows differently.

One use case that was discussed at the time was a highly-dynamic
ENUM namespace where signing NXDOMAINs on the fly might make more
sense than attempting to maintain a complete set of denial-of-existence
chains.  But much has changed since then: NSEC3 (and associated
opt-out), low (public-facing) ENUM uptake, Moore's law, etc.


