[dns-operations] Storm on the DNS

=?gb2312?Q?=22Davey=28=CB=CE=C1=D6=BD=A1=29=22?= ljsong at biigroup.cn
Mon Dec 21 06:23:11 UTC 2015


Thank you for the pointer to RFC5358 which is exactly what I would like to suggest.  
It does aim for open resolver to adopt the recommended configuration.

The resolvers of ISPs and enterprises have fixed groups of users belongs to the same 
administration , in which there is little reason not implementing RFC5358. For open 
resolver like Google, OpenDNS, DYN, 114DNS which is based on global/national anycast, 
the query is most likely responded by the nearest anycast node which definitely knows the 
IP range of their frequent users. So RFC5358 is also applicable for such kind of open resolver.

So my intuitive question is when DNS people ask network operator strongly to adopt BCP38 
to encounter source address spoofing, should they consider BCP140 in the first place? 

Davey

> ÔÚ 2015Äê12ÔÂ21ÈÕ£¬13:17£¬Paul Vixie <paul at redbarn.org> дµÀ£º
> 
> Song Linjian (Davey) songlinjian at gmail.com <http://gmail.com/> (Mon Dec 21 02:00:38 UTC 2015):
>  
> > How about source validation on open resolvers themselves?
> > which means all open resolvers only serve it¡¯s local users.
>  
> in that case they would not be "open" resolvers. see RFC 5358.
>  
> -- 
> P Vixie
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net <mailto:dns-operations at lists.dns-oarc.net>
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations <https://lists.dns-oarc.net/mailman/listinfo/dns-operations>
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs <https://lists.dns-oarc.net/mailman/listinfo/dns-jobs>
---------------------------
Davey Song(ËÎÁÖ½¡)
BII Lab
ljsong at biigroup.cn



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20151221/23223741/attachment.html>


More information about the dns-operations mailing list