[dns-operations] Storm on the DNS
Song Linjian (Davey)
songlinjian at gmail.com
Mon Dec 21 02:00:38 UTC 2015
How about source validation on open resolvers themselves? which means all open resolvers only serve it’s local users.
> 在 2015年12月21日,09:25,Joe Abley <jabley at hopcount.ca> 写道:
>
> Hi there,
>
> On Dec 20, 2015, at 20:10, Yonghua Peng <pyh at cloud-china.org> wrote:
>
>> BCP 38 is nice, but it's a passive way of defense against DDoS.
>
> I presume what you mean is that it's an absolute defence against
> attacks that rely upon being able to spoof source addresses.
>
> The trouble with BCP 38 is not its utility, but the fact that to date
> nobody has found a reliable way to motivate everybody to deploy it,
> for operationally-sufficient values of "everybody".
>
>> There is a Chinese old saying, 靠人不如靠己.
>
> You can lead a horse to water, but maybe it didn't come from where you
> thought it did and quite possibly it's not even a horse.
>
>
> Joe
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
------------------------------
Davey Song(宋林健)
BII Lab
songlinjian at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20151221/5685a77b/attachment.html>
More information about the dns-operations
mailing list