[dns-operations] responding to spoofed ANY queries

Florian Weimer fw at deneb.enyo.de
Sun Jan 13 09:46:02 UTC 2013

* Paul Vixie:

>> The spoofing problem could be mitigated if we actually wanted to, and
>> were willing to punish those who try to send their pollution to the
>> rest of the network.
> no. there is no "we" in this context.

I meant the "we" in "we the people".  Punishment for community-harming
behavior should be the prerogative of the sovereign, anyway.

>> We just need to admit that self-regulation by the industry has failed
>> to address this matter adequately.
> and having so admitted, what will we do next or do differently?

We could lobby for law that makes those who push packets with forged
source addresses (so that the original network operator cannot be
identified anymore) liable for the damage these packets cause.

> the internet is extra-legal because it is extra-national.

Doesn't really matter.  If a network peer doesn't have the same
liability as you do, you better put in filters.

