On Wednesday 11 February 2004 19:41, Hallam-Baker, Phillip wrote:
> DDoS is a solved problem for the core DNS. That is why Vixie used it in the
> first place.
Yes, solved, because it is under DDoS all the time:
http://www.npaci.edu/online/v7.3/caida.root.html
New functionality will introduce new issues (by the way, it is already a
straightforward reason to reject new functionality). And a million-zombie army
is not something unreal today.
The DNS root is too far from its clients to somehow affect their behavior,
implement some policy or establish some 'contract'. At the same time it has
to run at any cost. This abyss between abilities and responsibilities may be
a source of many problems.
So, your 'solved' better be understood as 'solved for now, until nothing has
changed'.
E.g. LMAP deployment may introduce additional pressures: functional,
bug-related and malicious.
Excuse me for being pessimistic and being off-topic, but DNS wasn't engineered
to express reputation and trust. There is a high risk of being involved in
programming a 3D shooter for exactly the Turing machine. H. Danisch states we
already do. (I currently don't think so.)
--
Viktor S. Grishchenko
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg