> Recursion, the way it is set up now in most DNS implementations, is the problem being exploited by spoofing. It is true that spoofing is bad for our health, but that does not mean we should ignore what actually gets exploited, which is recursive name servers open to the world.
> Fixing the one does not mean we shouldn't fix the other.
But fixing recursion also fixes the internet (fixes as in how you fix a dog), in that he who controls the DNS controls the net. Fixing DNS is going to hand strict control over to governments, because now they can prevent you from resolving anything they don't want you to resolve. It also severely cuts into the redundancy functions of the net.

I realize that even if we eliminate spoofing completely, DNS can still be used to flood, but so can any other shared function on the net. We closed open relays, but I can still flood you with email by doing a joe-job, which is a good example. At some point we really need to look at this and ask ourselves: is it worth what we must give up in order to eliminate some attack vector, and isn't there a better way that doesn't involve us giving up so much? I think in this case the answer is that maybe there is a better way; eliminating spoofing or eliminating UDP use in recursive DNS queries are valid options.

So, in answer to the last part of the above quote, maybe we shouldn't fix the other. (Just something to consider.)

George Roettger
Netlink Services
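The mechanics behind the thread, shown as an added example (not code from the original post or from any product named in it): a spoofing attacker sends a small UDP query with the victim's address as the source, and an open recursive resolver answers the victim with a much larger response. The script below builds a DNS query in wire format, parses the header of two constructed replies (one from an open recursive resolver, one from a resolver that refuses recursion to outside clients) using the RA bit as the indicator, and computes the amplification factor. The domain name, transaction IDs and TXT record contents are constructed sample data, and no packets are sent.

```python
"""Classify DNS replies by recursion availability and compute amplification.

Added example for the recursion/spoofing discussion; all packets here are
constructed in memory (RFC 1035 wire format), nothing is sent on the network.
"""
import random
import struct

QTYPE_ANY = 255   # ANY: historically the query type favoured for amplification
QTYPE_TXT = 16
QCLASS_IN = 1

FLAG_QR = 0x8000  # message is a response
FLAG_RD = 0x0100  # recursion desired (set by the client)
FLAG_RA = 0x0080  # recursion available (set by the server for this client)
RCODE_MASK = 0x000F
RCODE_REFUSED = 5


def encode_name(name):
    """Encode 'example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=QTYPE_ANY, txid=None):
    """Minimal recursive query: header (RD set), one question, no other sections."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def build_response(query, rdatas, rtype=QTYPE_TXT, ra=True, rcode=0):
    """Constructed reply to `query` (sample data, not a real capture).

    Each entry of `rdatas` becomes one answer RR whose owner name is a
    compression pointer (0xC00C) back to the question name at offset 12.
    """
    txid = struct.unpack("!H", query[:2])[0]
    flags = FLAG_QR | FLAG_RD | rcode
    if ra:
        flags |= FLAG_RA
    header = struct.pack("!HHHHHH", txid, flags, 1, len(rdatas), 0, 0)
    question = query[12:]  # echo the question section unchanged
    answers = b""
    for rdata in rdatas:
        # pointer, TYPE, CLASS, TTL (300 s), RDLENGTH, RDATA
        answers += b"\xc0\x0c" + struct.pack("!HHIH", rtype, QCLASS_IN, 300, len(rdata)) + rdata
    return header + question + answers


def parse_header(msg):
    """Decode the 12-byte DNS header into the fields this check needs."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "rd": bool(flags & FLAG_RD),
            "ra": bool(flags & FLAG_RA), "rcode": flags & RCODE_MASK,
            "qdcount": qd, "ancount": an}


def classify_resolver(query, response):
    """'open-recursive' if the server advertises recursion to us (RA set),
    'recursion-refused' if it does not (typically with RCODE REFUSED and no
    answers), 'mismatch' if the reply does not belong to our query."""
    q = parse_header(query)
    r = parse_header(response)
    if r["id"] != q["id"] or not r["qr"]:
        return "mismatch"
    return "open-recursive" if r["ra"] else "recursion-refused"


def amplification_factor(query, response):
    """Bytes the spoofed victim receives per byte the attacker sends."""
    return len(response) / len(query)


if __name__ == "__main__":
    query = build_query("example.com", txid=0x1234)
    txt = bytes([99]) + b"x" * 99  # one 100-byte TXT RDATA (constructed)
    open_reply = build_response(query, [txt] * 10)
    refused = build_response(query, [], ra=False, rcode=RCODE_REFUSED)
    for label, reply in (("open resolver", open_reply), ("restricted resolver", refused)):
        print(label, classify_resolver(query, reply),
              "amplification %.1fx" % amplification_factor(query, reply))
```

The ten constructed TXT records turn a 29-byte query into a 1149-byte reply, roughly 40x; the refused reply is the same size as the query, which is why restricting recursion to known clients removes the amplifier even though it does nothing about spoofing itself.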