[dns-operations] Storm on the DNS

Song Linjian (Davey) songlinjian at gmail.com
Mon Dec 21 02:00:38 UTC 2015

How about source validation on open resolvers themselves? which means all open resolvers only serve it’s local users.

> 在 2015年12月21日,09:25,Joe Abley <jabley at hopcount.ca> 写道:
> Hi there,
> On Dec 20, 2015, at 20:10, Yonghua Peng <pyh at cloud-china.org> wrote:
>> BCP 38 is nice, but it's a passive way of defense against DDoS.
> I presume what you mean is that it's an absolute defence against
> attacks that rely upon being able to spoof source addresses.
> The trouble with BCP 38 is not its utility, but the fact that to date
> nobody has found a reliable way to motivate everybody to deploy it,
> for operationally-sufficient values of "everybody".
>> There is a Chinese old saying, 靠人不如靠己.
> You can lead a horse to water, but maybe it didn't come from where you
> thought it did and quite possibly it's not even a horse.
> Joe
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

Davey Song(宋林健)
songlinjian at gmail.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20151221/5685a77b/attachment.html>

More information about the dns-operations mailing list