North American Network Operators Group


Re: hat tip to .gov hostmasters

  • From: Michael Thomas
  • Date: Mon Sep 22 11:43:10 2008

Jason Frisvold wrote:
On Mon, Sep 22, 2008 at 11:02 AM, Chris Owen <[email protected]> wrote:
Chicken, meet egg.

I think the point of the original post is that one end or the other has to
start things. At least we have one US zone doing something on the server
end of things.

Oh, agreed, absolutely. And it's great to see. However, neither the
Slashdot blurb nor the NetworkWorld article mentions that without a
valid resolver, there is no guarantee of security. Sure, they mention
that vendors are rolling it out and that ISPs should be following
suit, but no mention is made of the end-user's resolver at all...

I dunno, a few very strategically placed validating resolvers could subject
a huge amount of DNS traffic to a much higher bar were the senders so
inclined to sign their zones. But I tend to view these kinds of things much
more from an "epidemiology" point of view: you don't have to have 100%
eradication to control an epidemic. Same thing pretty much goes with
internet-based attacks, IMO: when the barrier is set sufficiently high in one area,
attackers don't spend their entire time trying to break that barrier, they find the
next lowest barrier and move on.


Mike