[BBLISA] BGP and multicast (thread renamed)

Doug Hirsch dhirsch at pobox.com
Wed Jul 21 02:57:36 EDT 2010


Bob,

I disagree about squelching this topic if others have something to say
about it.  This is something that more of us should learn about, if
not because we can do anything about it directly, then because, as you
say, there's trouble coming, which we ought to expect and plan to
survive.  From a practical point of view, is there anything system
administrators can do to weather the coming DNS storms?

Doug

On Wed, Jul 21, 2010 at 2:03 AM, Robert Keyes <bob at sinister.com> wrote:
>
> On Wed, 21 Jul 2010, Bill Bogstad wrote:
>
>> Things change and other things stop working.  Most people won't pay
>> for "perfect solutions", they just want things to work NOW.  That's
>> life...
>
> They may work, but they are "hacks" and not something that should be
> implemented if there's not a better solution. So, I'd say that DNSSEC has
> some strikes against it, regardless of its "working now". I don't have
> access to the data that you or Dean cite, so I can't even begin to say who
> is right. But I can say that DNS is a pretty critical part of the Internet
> infrastructure and ought to be treated as such.
>
> But again, I feel as though we are going off the original thread. This
> time, even further than my change of title suggests. It would be
> interesting discussing this with those interested over a beer some time,
> but I don't want to subject the rest of the list subscribers to that which
> they can't scrutinize and make decisions about. As it stands now, I don't
> use DNSSEC nor DNSCurve. I've known, and tried to publicize, the woefully
> inadequate security of the DNS infrastructure to those who were in power
> for many years. Before Kaminsky, by years. I even had managed to insert a
> new TLD in one of the root servers many years ago, just as an example of
> how badly flawed the architecture is. Vixie was abusive. Others ignored
> me. Being ignored, some of my data was either recovered or replicated by
> others such as Kaminsky. All I can say is: this new .xxx domain is going
> to cause DNS chaos like we've never seen before, due to the DoS'ing of DNS
> servers. But I've talked too long after saying we should snip it short.
>
> Reply to me in private or CC to others who have shown interest in the
> topic.
>
> -Bob


