[dns-operations] RRL specified in a stable place?
paul.hoffman at vpnc.org
Mon Feb 4 20:31:28 UTC 2013
On Feb 4, 2013, at 11:39 AM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
> On Mon, Feb 04, 2013 at 10:54:36AM -0800, Paul Hoffman wrote:
>> We now have two implementations of response rate limiting (RRL). In order for it to be widely adopted, an Internet-Draft followed by an RFC would be Really Helpful.
> What track do you expect this to go along? Is this a DNSOP draft?
> Because the implementations are really just a way of using existing
> parts of the specifications in creative ways. (They're also risky for
> some operators. Consider that, if you spoof $ISP's resolver addresses
> and perform one of these attacks, then $ISP gets at least degraded
> service during the rate limit period. For most of us, that's probably
> an acceptable trade off, but not for all operators unfortunately. So
> it's not a panacea either, and certainly cannot be considered a BCP
> for all use cases.)
I think it should be Experimental, it should discuss any differences that the BIND and NSD folks have, and it should be an individual submission.
After that, people can discuss the different approaches over maybe a year, and if there is kinda general agreement, it can come to DNSOP for BCP consideration. If it fails there, the Experimental RFC still lives on.
Old-style IETF (RFC that really requests comments), and only later settling on what to tell the community as "best".