http://www.ietf.org/internet-drafts/draft-ietf-dnsop-reflectors-are-evil-05.txt
1) (Somewhat jokingly) I would strike the first word ("Recently") as the attacks were almost two years ago now. In the spirit of "sending text" it might be more appropriate to start with "Once upon a time...".
2) I guess I should get over the fact that "are-evil" is part of the file name and that will go away when this document gets out of the RFC Editor. I think the tone of the document is right as is, recommending ways to have name servers not offer free and unchecked services unless the owner is aware.
3) I was a bit troubled by the discussion in the room on Monday. Parts of the discussion were hard to hear (the acoustics plus my aging ears) and my laptop was off (no jabber for me). It sounded like someone (not present) claimed that they required open resolvers for roaming. The discussion seemed to criticize that comment because it is not generalizable, but I think that wasn't the intent. I thought the comment was offered as a reason why a blanket prohibition against open resolvers was a bad idea.
I would be against a campaign to cajole people into closing open resolvers. One reason is that I don't believe that the problem is the open resolvers but the inherent nature of UDP involved. Two is that it is up to operators to decide how to responsibly operate their network (and it is up to the IETF to give them the educational materials they need).
I think the document is a good balance. It recommends closing access to resolvers but does not berate those that leave them open. (Unless I missed something.) It lists approaches to selective openness. I apologize if I lost the train of thought of the mic discussion.
--
Edward Lewis +1-571-434-5468
NeuStar

Think glocally. Act confused.
