Subject: Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt Date: Fri, Sep 12, 2008 at 02:08:37PM -0400 Quoting Dean Anderson ([EMAIL PROTECTED]): > > Were it universally deployed, yes. Will it be? No. Thus, no. > > What do you want to spend your time doing: Getting people to implement > BCP38 or getting people to close open recursors?
I _want_ to spend time with my family, and now and then have a beer with my friends. With the Internet being a network of networks, it will by virtue of this fact be heterogenously built, maintained and configured. BCP38 is in place. It is a good cluebat, but won't bite on all people. For those situations where BCP38 is operationally (for some persons definition of) impossible to deploy, or for when the cluebat does not work, we need a cluestick. Perhaps, just perhaps, it will hurt enough. Differently enough that we get to close another attack vector. (because these attacks do happen. Surprise! ) I see a RFC about the disadvantages of running open recursors as this clue stick. There is no need to oppose BCP38 with a !recurse RFC; they will complement each other just nicely. Simply because the Internet is a patchwork of different ways to run networks. -- _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
