[dns-operations] Github Down cause of DNS (dyne) problem ?

David Conrad drc at virtualized.org
Sat Oct 22 01:13:01 UTC 2016


Viktor,

On October 21, 2016 at 11:01:46 AM, Viktor Dukhovni (ietf-dane at dukhovni.org) wrote:

Given the scale of recent attacks, perhaps the time has come for
responsible networks to announce dates by which peering will cease
with parties that ignore BCP 38.

Initial reports suggest this attack is at least partially Mirai-based, thus BCP38 probably won't help.  That isn't to say we shouldn't push for BCP38, but it isn't a silver bullet.

I believe the real issue is that the vulnerabilities on the Internet are multifaceted and (in my opinion) highlight a fundamental architectural issue: end-to-end assumes all the brains are at the edges, however brains attract zombies and we've got tissue paper walls protecting us. Without vastly improved security, Internet of Things will become Internet of Zombies and I've long believed that it will simply not be possible for infrastructure providers, critical or not, to be able to scale their capacity to keep up.

So, sure, BCP38 is a great idea and everyone should do it, but it isn't going to solve the problem.

Regards,
-drc
(ICANN CTO, but speaking only for myself)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20161021/ae3f94e6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Message signed with OpenPGP using AMPGpg
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20161021/ae3f94e6/attachment.sig>


More information about the dns-operations mailing list