[dns-operations] responding to spoofed ANY queries

David Conrad drc at virtualized.org
Sun Jan 13 03:52:29 UTC 2013


On Jan 12, 2013, at 5:55 PM, Vernon Schryver <vjs at rhyolite.com> wrote:
> Laws requiring that all routers support one or more of the BCP 38
> mechanisms sound rather late and redundant and wouldn't do much to
> make ISPs turn them on,

Do you really believe that in the aftermath of a successful spoofing-based infrastructure attack in which (say) people die that politicians and lawmakers would care about the fact that the law was late or redundant?

I suspect you're misunderstanding what I'm saying: while I might believe nationally-based legislation may (possibly) have a positive impact in that it might reduce domestic spoofing and change the dynamics (forcing ISPs and hosting providers to wipe their own butts), whether or not a law is effective is beside the point.  In the face of a high-profile event which demonstrates industry self-regulation has utterly failed, politicians will feel a need to "do something" and the only thing they can do is pass laws.  Yes, it is yet another form of "security theatre", but when has that stopped anyone?

However, I'm pretty sure this isn't appropriate fodder for dns-operations...


