[87981] in North American Network Operators' Group
Re: DOS attack against DNS?
daemon@ATHENA.MIT.EDU (Paul Vixie)
Mon Jan 16 13:12:52 2006
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 16 Jan 2006 18:12:25 +0000
In-Reply-To: <Pine.LNX.4.64.0601160943150.30093@twin.uoregon.edu>
Errors-To: owner-nanog@merit.edu
joelja@darkwing.uoregon.edu (Joel Jaeggli) writes:
> > people inside one of the largest networks have told me that they have
> > customers who require the ability to bypass BCP38 restrictions, and that
> > they will therefore never be fully BCP38 compliant. ...
>
> Consider people in the rest of the world who may purchase simplex
> satellite links. By definition they inject traffic in places they aren't
> announcing their route from.
yup, those are exactly the customers i was told about. (see above.) however,
there's still a way to filter-list the various interfaces -- it's just harder
than letting the routing table imply your filter-list for you. also however,
if these were the only customers who weren't made to follow BCP38, there would
not be a global BCP38-related problem right now. or, as i said before:
> > i've asked for BCP38 to become the default on all their other present
> > and future customers ...
--
Paul Vixie
