This is a discussion on Re: DNS Blackhole attack - DNS ; On Sun, 6 Mar 2005 firstname.lastname@example.org wrote: > On Sun, Mar 06, 2005 at 12:03:20AM -0500, Dean Anderson wrote: > > On Sat, 5 Mar 2005, Hallam-Baker, Phillip wrote: > > > This just appeared on the SANS list. Time ...
On Sun, 6 Mar 2005 email@example.com wrote:
> On Sun, Mar 06, 2005 at 12:03:20AM -0500, Dean Anderson wrote:
> > On Sat, 5 Mar 2005, Hallam-Baker, Phillip wrote:
> > > This just appeared on the SANS list. Time to stop arguing and get DNSSEC
> > > deployed.
> > I've not been testing DNSSEC, but I understand it requires TCP. So, DNSSEC
> you might want to try it out to be sure of your understandings.
Yep. When I'm not sure of something, I usually say so.
> > cannot be deployed on root servers, due to large number of root servers
> > using anycast, and anycast conflict with the DNSSEC's TCP requirements.
> > (Anycast only works on UDP single packet per transaction protocols. ISC
> > mistakenly told root operators that anycast can be deployed with TCP.) So,
> they did? guess not everyone received the msg.
I suppose some people ignored the discussion of anycast on DNSOP. And
someone complained that anycast DNS root server operations weren't
relevant to Nanog. (bmanning)
And I haven't quite forgotten the rather vicious personal attack on me
made by John Brown on DNSOP, where he claimed to have no association with
ISC, even though he started chagres.net with Suzzanne Woolf who was the
ISC project manager in charge of promoting root anycast.
But I suppose that ISC hasn't made any efforts to get the message out. So
I have little doubt that not everyone has gotten the message.
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.