[DNSOP] Re: Last Call: draft-ietf-dnsop-reflectors-are-evil (Preventing Use of Recursive Nameservers in Reflector Attacks) to BCP

2007-09-30 Thread Danny McPherson
I do support this document being published as BCP. A couple of minor comments: Section 4's reference to BCP 84, in part, creates a false sense of useful action on part of the operator, IMO (in addition, there's a typo; s/were/where/). In situations were more complex network setups are in

Re: [DNSOP] Fwd: [rt.amsl.com #1387] AutoReply: submit new internet draft about Universal Resource Name Resolution

2008-02-02 Thread Danny McPherson
On Feb 2, 2008, at 4:59 AM, Lican Huang wrote: Hi, Who can tell me why I got a response of a trouble ticket message as following when I submit an Internet Draft to Internet- [EMAIL PROTECTED] [EMAIL PROTECTED] ? AMS just finished transition of all IETF IT services, and it appears as

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Danny McPherson
On Sep 2, 2008, at 9:47 AM, Joe Abley wrote: There is usually no harm to anyone from open resolvers. No one has reported any further attacks since this draft was conceived. That is not true. It's possible that the forums in which such attacks are discussed are not available to you, of

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-03 Thread Danny McPherson
Dean, I'm not going to argue this point by point with you, I simply provided data points on what folks who do this as part of their day job have observed and reported. You can choose to accept this, or not. As for bots and CCs and what's done in practice today and what's not, well, I know a

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-03 Thread Danny McPherson
On Sep 3, 2008, at 9:42 AM, Dean Anderson wrote: I choose to report on why this data is not credible and should not be accepted by the DNSOP WG. I believe the WG has heard your position: There has been no further discussion of these attacks since the two very small motivating attacks were

Re: [DNSOP] call to work on edns-client-subnet

2014-05-07 Thread Danny McPherson
On May 7, 2014, at 1:13 PM, Suzanne Woolf suzworldw...@gmail.com wrote: This sounds to me like a) support for working on edns-client-subnet (and possibly things like it in the future), with b) a resulting RFC as Informational. I've found this discussion very helpful in solidifying the

Re: [DNSOP] call to work on edns-client-subnet

2014-05-09 Thread Danny McPherson
On May 8, 2014, at 12:43 PM, Suzanne Woolf suzworldw...@gmail.com wrote: Ah, sorry. Was trying to reflect what the discussion was saying, not impose an “edict”. It seemed like a reasonable starting position. Do you disagree? If so I’ll hope you’ll say what you think on the subject…. Yes,

Re: [DNSOP] Mitigation of name collisions

2016-10-03 Thread Danny McPherson
> On Oct 3, 2016, at 6:31 PM, Warren Kumari wrote:
>
> ... and just for the record, much much more could have been determined
> (and users better warned / informed) if the address handed out was a
> server which displayed an error / links to more information[0], or if
> the

Re: [DNSOP] Mitigation of name collisions

2016-10-03 Thread Danny McPherson
>
> I realize that you, Warren, are virtuous and would not do anything bad with
> all of the secrets people fling at your server, but given the reality of the
> TLD ecosystem, how confident are you that nobody else running such a server
> would?

Precisely why they ought to be notified of