[dns-operations] Storm on the DNS
jabley at hopcount.ca
Mon Dec 21 01:25:08 UTC 2015
On Dec 20, 2015, at 20:10, Yonghua Peng <pyh at cloud-china.org> wrote:
> BCP 38 is nice, but it's a passive way of defense against DDoS.
I presume what you mean is that it's an absolute defence against
attacks that rely upon being able to spoof source addresses.
The trouble with BCP 38 is not its utility, but the fact that to date
nobody has found a reliable way to motivate everybody to deploy it,
for operationally-sufficient values of "everybody".
> There is a Chinese old saying, 靠人不如靠己.
You can lead a horse to water, but maybe it didn't come from where you
thought it did and quite possibly it's not even a horse.
More information about the dns-operations