North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: DOS attack against DNS?
- From: Paul Vixie
- Date: Mon Jan 16 13:13:40 2006
firstname.lastname@example.org (Joel Jaeggli) writes:
> > people inside one of the largest networks have told me that they have
> > customers who require the ability to bypass BCP38 restrictions, and that
> > they will therefore never be fully BCP38 compliant. ...
> Consider people in the rest of the world who may purchase simplex
> satellite links. By definition they inject traffic in places they aren't
> announcing their route from.
yup, those are exactly the customers i was told about. (see above.) however,
there's still a way to filter-list the various interfaces -- it's just harder
than letting the routing table imply your filter-list for you. also however,
if these were the only customers who weren't made to follow BCP38, there would
not be a global BCP38-related problem right now. or, as i said before:
> > i've asked for BCP38 to become the default on all their other present
> > and future customers ...