[dns-operations] RRL specified in a stable place?

Andrew Sullivan ajs at anvilwalrusden.com
Mon Feb 4 19:39:08 UTC 2013

On Mon, Feb 04, 2013 at 10:54:36AM -0800, Paul Hoffman wrote:
> We now have two implementation of response rate limiting (RRL). In order for it to be widely adopted, an Internet-Draft followed by an RFC would be Really Helpful.

What track do you expect this to go along?  Is this a DNSOP draft?
Because the implementations are really just a way of using existing
parts of the specifications in creative ways.  (They're also risky for
some operators.  Consider that, if you spoof $ISP's resolver addresses
and perform one of these attacks, then $ISP gets at least degraded
service during the rate limit period.  For most of us, that's probably
an acceptable trade off, but not for all operators unfortunately.  So
it's not a panacea either, and certainly cannot be considered a BCP
for all use cases.)


Andrew Sullivan
ajs at anvilwalrusden.com

More information about the dns-operations mailing list