[dns-operations] Storm on the DNS

Song Linjian (Davey) songlinjian at gmail.com
Mon Dec 21 02:00:38 UTC 2015


How about source validation on open resolvers themselves? which means all open resolvers only serve it¡¯s local users.

> ÔÚ 2015Äê12ÔÂ21ÈÕ£¬09:25£¬Joe Abley <jabley at hopcount.ca> дµÀ£º
> 
> Hi there,
> 
> On Dec 20, 2015, at 20:10, Yonghua Peng <pyh at cloud-china.org> wrote:
> 
>> BCP 38 is nice, but it's a passive way of defense against DDoS.
> 
> I presume what you mean is that it's an absolute defence against
> attacks that rely upon being able to spoof source addresses.
> 
> The trouble with BCP 38 is not its utility, but the fact that to date
> nobody has found a reliable way to motivate everybody to deploy it,
> for operationally-sufficient values of "everybody".
> 
>> There is a Chinese old saying, ¿¿È˲»Èç¿¿¼º.
> 
> You can lead a horse to water, but maybe it didn't come from where you
> thought it did and quite possibly it's not even a horse.
> 
> 
> Joe
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

------------------------------
Davey Song(ËÎÁÖ½¡)
BII Lab
songlinjian at gmail.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20151221/5685a77b/attachment.html>


More information about the dns-operations mailing list