> From: Doug Barton <do...@dougbarton.us>

> is that (like RRL) your proposal relies on people updating their
> software.

RRL needs only authority and open recursive servers to be updated. The vast majority of DNS installations are closed recursive and stub servers that do not need RRL. (A case could be made for RRL on a minority of private recursive servers.) Other ideas that I like such as DNS cookies would need more widespread changes, which makes enthusiasm for them taxing.

> RRL is actually useful for DDOS
> attacks against the authoritative server itself. There are likely other
> reasons, but those are the most obvious (to me anyway).

That's in the RRL sales story that I've been flogging since before the first version of the RRL patch, but so far it has been only incidentally true. Some DNS server operators have reported drastic reductions in network and CPU load during attacks thanks to RRL, but they were not the intended victims of the attacks.

Vernon Schryver    v...@rhyolite.com

Please join me in trying not to feed the troll.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users