[124291] in North American Network Operators' Group
Re: IPv4 ANYCAST setup
daemon@ATHENA.MIT.EDU (Randy Bush)
Tue Mar 30 04:44:04 2010
Date: Tue, 30 Mar 2010 17:43:25 +0900
From: Randy Bush <randy@psg.com>
To: Tony Finch <dot@dotat.at>
In-Reply-To: <7F282E43-B67C-4119-9D85-BF40C1C7BE1E@dotat.at>
Cc: "nanog@nanog.org" <nanog@nanog.org>

>>> I have talked to multiple security officers (who are generally not
>>> really knowledgeable on networks) who had 53/tcp blocked and none
>>> have yet agreed to change it.

>> patience. when things really start to break, and the finger of fate
>> points at them, clue may arise.

> 36 days until all root servers have DNSSEC data, at which point large
> replies become normal.

are end user tools, i.e. a web click a button, available so they can
test if they are behind a clueless security id10t?

is there good simple end user docco they are somewhat likely to find
when things break for them?

i.e. what can we do to maximize the odds that the victim will quickly
find the perp, as opposed to calling our tech support lines?

randy