[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
Subject: Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt Date: Fri, Sep 12, 2008 at 02:08:37PM -0400 Quoting Dean Anderson (dean at av8.com):
> > Were it universally deployed, yes. Will it be? No. Thus, no.
>
> What do you want to spend your time doing: Getting people to implement
> BCP38 or getting people to close open recursors?
I _want_ to spend time with my family, and now and then have a beer
with my friends.
With the Internet being a network of networks, it will by virtue of
this fact be heterogenously built, maintained and configured.
BCP38 is in place. It is a good cluebat, but won't bite on all people.
For those situations where BCP38 is operationally (for some persons
definition of) impossible to deploy, or for when the cluebat does not
work, we need a cluestick. Perhaps, just perhaps, it will hurt enough.
Differently enough that we get to close another attack vector. (because
these attacks do happen. Surprise! )
I see a RFC about the disadvantages of running open recursors as this
clue stick. There is no need to oppose BCP38 with a !recurse RFC; they
will complement each other just nicely. Simply because the Internet is
a patchwork of different ways to run networks.
--
_______________________________________________
DNSOP mailing list
DNSOP at ietf.org
https://wwFrom dnsop-bounces at ietf.org Fri Sep 12 13:44:45 2008
Return-Path: <dnsop-bounces at ietf.org>
X-Original-To: dnsop-archive at lists.ietf.org
Delivered-To: ietfarch-dnsop-archive at core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id 44D133A6A9C;
Fri, 12 Sep 2008 13:44:45 -0700 (PDT)
X-Original-To: dnsop at core3.amsl.com
Delivered-To: dnsop at core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id 288543A6A9C
for <dnsop at core3.amsl.com>; Fri, 12 Sep 2008 13:44:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5
tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id fRY1bTKYWkRG for <dnsop at core3.amsl.com>;
Fri, 12 Sep 2008 13:44:43 -0700 (PDT)
Received: from paka.besserwisser.org (paka.besserwisser.org [88.80.2.203])
by core3.amsl.com (Postfix) with ESMTP id 0E6A13A68C6
for <dnsop at ietf.org>; Fri, 12 Sep 2008 13:44:42 -0700 (PDT)
Received: from paka.besserwisser.org (localhost [127.0.0.1])
by paka.besserwisser.org (8.13.8+Sun/8.13.7) with ESMTP id
m8CKildS009017
for <dnsop at ietf.org>; Fri, 12 Sep 2008 22:44:47 +0200 (CEST)
Received: (from mansaxel at localhost)
by paka.besserwisser.org (8.13.8+Sun/8.13.7/Submit) id m8CKilhh009016
for dnsop at ietf.org; Fri, 12 Sep 2008 22:44:47 +0200 (CEST)
Date: Fri, 12 Sep 2008 22:44:47 +0200
From: Mans Nilsson <mansaxel at besserwisser.org>
To: dnsop at ietf.org
Message-ID: <20080912204447.GP18581 at besserwisser.org>
References: <20080911195546.GH18581 at besserwisser.org>
<Pine.LNX.4.44.0809121407150.3783-100000 at citation2.av8.net>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0809121407150.3783-100000 at citation2.av8.net>
X-URL: http://vvv.besserwisser.org
X-Purpose: More of everything NOW!
X-happyness: Life is good.
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
X-BeenThere: dnsop at ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
<mailto:dnsop-request at ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop at ietf.org>
List-Help: <mailto:dnsop-request at ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
<mailto:dnsop-request at ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces at ietf.org
Errors-To: dnsop-bounces at ietf.org
Subject: Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt Date: Fri, Sep 12, 2008 at 02:08:37PM -0400 Quoting Dean Anderson (dean at av8.com):
> > Were it universally deployed, yes. Will it be? No. Thus, no.
>
> What do you want to spend your time doing: Getting people to implement
> BCP38 or getting people to close open recursors?
I _want_ to spend time with my family, and now and then have a beer
with my friends.
With the Internet being a network of networks, it will by virtue of
this fact be heterogenously built, maintained and configured.
BCP38 is in place. It is a good cluebat, but won't bite on all people.
For those situations where BCP38 is operationally (for some persons
definition of) impossible to deploy, or for when the cluebat does not
work, we need a cluestick. Perhaps, just perhaps, it will hurt enough.
Differently enough that we get to close another attack vector. (because
these attacks do happen. Surprise! )
I see a RFC about the disadvantages of running open recursors as this
clue stick. There is no need to oppose BCP38 with a !recurse RFC; they
will complement each other just nicely. Simply because the Internet is
a patchwork of different ways to run networks.
--
_______________________________________________
DNSOP mailing list
DNSOP at ietf.org
https://www.ietf.orgFrom dnsop-bounces at ietf.org Fri Sep 12 13:44:45 2008
Return-Path: <dnsop-bounces at ietf.org>
X-Original-To: dnsop-archive at optimus.ietf.org
Delivered-To: ietfarch-dnsop-archive at core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id 44D133A6A9C;
Fri, 12 Sep 2008 13:44:45 -0700 (PDT)
X-Original-To: dnsop at core3.amsl.com
Delivered-To: dnsop at core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id 288543A6A9C
for <dnsop at core3.amsl.com>; Fri, 12 Sep 2008 13:44:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5
tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id fRY1bTKYWkRG for <dnsop at core3.amsl.com>;
Fri, 12 Sep 2008 13:44:43 -0700 (PDT)
Received: from paka.besserwisser.org (paka.besserwisser.org [88.80.2.203])
by core3.amsl.com (Postfix) with ESMTP id 0E6A13A68C6
for <dnsop at ietf.org>; Fri, 12 Sep 2008 13:44:42 -0700 (PDT)
Received: from paka.besserwisser.org (localhost [127.0.0.1])
by paka.besserwisser.org (8.13.8+Sun/8.13.7) with ESMTP id
m8CKildS009017
for <dnsop at ietf.org>; Fri, 12 Sep 2008 22:44:47 +0200 (CEST)
Received: (from mansaxel at localhost)
by paka.besserwisser.org (8.13.8+Sun/8.13.7/Submit) id m8CKilhh009016
for dnsop at ietf.org; Fri, 12 Sep 2008 22:44:47 +0200 (CEST)
Date: Fri, 12 Sep 2008 22:44:47 +0200
From: Mans Nilsson <mansaxel at besserwisser.org>
To: dnsop at ietf.org
Message-ID: <20080912204447.GP18581 at besserwisser.org>
References: <20080911195546.GH18581 at besserwisser.org>
<Pine.LNX.4.44.0809121407150.3783-100000 at citation2.av8.net>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0809121407150.3783-100000 at citation2.av8.net>
X-URL: http://vvv.besserwisser.org
X-Purpose: More of everything NOW!
X-happyness: Life is good.
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
X-BeenThere: dnsop at ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
<mailto:dnsop-request at ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop at ietf.org>
List-Help: <mailto:dnsop-request at ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
<mailto:dnsop-request at ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces at ietf.org
Errors-To: dnsop-bounces at ietf.org
Subject: Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt Date: Fri, Sep 12, 2008 at 02:08:37PM -0400 Quoting Dean Anderson (dean at av8.com):
> > Were it universally deployed, yes. Will it be? No. Thus, no.
>
> What do you want to spend your time doing: Getting people to implement
> BCP38 or getting people to close open recursors?
I _want_ to spend time with my family, and now and then have a beer
with my friends.
With the Internet being a network of networks, it will by virtue of
this fact be heterogenously built, maintained and configured.
BCP38 is in place. It is a good cluebat, but won't bite on all people.
For those situations where BCP38 is operationally (for some persons
definition of) impossible to deploy, or for when the cluebat does not
work, we need a cluestick. Perhaps, just perhaps, it will hurt enough.
Differently enough that we get to close another attack vector. (because
these attacks do happen. Surprise! )
I see a RFC about the disadvantages of running open recursors as this
clue stick. There is no need to oppose BCP38 with a !recurse RFC; they
will complement each other just nicely. Simply because the Internet is
a patchwork of different ways to run networks.
--
_______________________________________________
DNSOP mailing list
DNSOP at ietf.org
https://www.ietf.ow.ietf.org/mailman/listinfo/dnsop
/mailman/listinfo/dnsop
rg/mailman/listinfo/dnsop