27 Mar 2013, 5:59 p.m.
On 3/27/2013 4:49 PM, Tony Finch wrote:
> Jack Bates <jbates@brightok.net> wrote:
>> 3) BCP38 (in spirit)
>
> That should be deployed as well as RRL.
>
> Tony.
If BCP38 was properly deployed, what would be the purpose of RRL outside of misbehaving clients or direct attacks against that one server? We already know the fix for spoofing. Trying to tweak every service that spoofing effectively takes advantage of will not be a winning game.

Sending legitimate clients to TCP is also a losing game. DNS is UDP for a reason. The infrastructure to switch it to TCP is prohibitive and completely destroys the anycast mechanisms.

Jack