Jimmy, On Apr 6, 2012, at 1:24 PM, Jimmy Hess wrote: > On Fri, Apr 6, 2012 at 1:24 PM, David Conrad <[email protected]> wrote: >> I suspect the root server operators might not like this idea very much. > If it solves other problems adequately, they might eventually just have to > learn to like it.
I was, of course, using the root servers as a proxy for pretty much any DNS server operator. The root server operators aren't unique in the requirement to respond to an unbounded number of queries. >> Treating a symptom and ignoring the disease. See >> http://tools.ietf.org/html/bcp38 > No. Implementation of BCP38 does have value, but the existence of > BCP38 does not solve DNS application problems; You seemed to have missed the part where it isn't just a DNS problem. Your solution would appear to be to replace every datagram-based query/response protocol such as ICMP and SNMP. I personally think it is more feasible for ISPs to implement BCP38 than it is for the entire Internet to move away from using datagram-based query/response protocols, but that's probably just me. > but ignoring mitigation of the symptoms, > despite there being more readily available options for symptom mitigation. Sorry, which more readily available options are those? I don't think forcing a 3-way exchange for stuff like PMTUD is 'readily available'. > The underlying problem is that "BCP38" is not really a "best common practice", > despite the name of the series. The name of the series is "Best Current Practice". > Lots of networks don't and will not ever implement BCP38; It is true that lots of networks don't implement BCP38. Whether or not they will ever is more debatable. I suspect that we're about one major spoofing-based infrastructure attack away from proposed legislation that would force folks to implement something like BCP38, but I may be a bit more pessimistic than most. However, I would be interested in hearing what the excuses are for folks not implementing BCP38 these days. Regards, -drc
