At Thu, 07 Sep 2017 10:36:50 -0700, Wes Hardaker <wjh...@hardakers.net> wrote:
> > I'm not enthusiastic. We should focus on making the DNS
> > infrastructure more reliable, not on adding something to a pile of
> > already fragile protocols.
>
> I don't believe we have any ideas how to make infrastructure more
> reliable in the face of DDoS attacks.

+1. If we don't work on a proposal like this, I'd love to see a
specific counter proposal that doesn't violate the current protocol
specification (i.e., using a cached answer beyond its TTL) and still
avoids resolution failure when authoritative servers are forced to be
non-responsive due to huge scale DoS attacks. Otherwise the more
likely scenario is that some vendors still keep a similar protocol
violation using marketing decoration like "smartness" while other
compliant implementors just look incompetent (and this will be a huge
incentive for the latter group to follow the former, and we'll just
see more proliferation of this violation).

--
JINMEI, Tatuya

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop