Paul Wouters wrote:
> On Sun, 8 Mar 2015, Brian Dickson wrote:
>
>> Given the diagnostic value of "any" (and similarly "RRSIG" et al), I
>> would prefer deprecation of only the UDP version, via mechanisms
>> that are "dig"-friendly.
>
> A better description would be to require "source IP verification",
> so that eastlake-cookies are also an accepted method.

that wouldn't help. the reason for restricting meta-data queries is completely unrelated to source ip verification either by tcp 3-way handshake, cookies, or any other method.

> Of course, it won't really help amplifications via open resolvers that
> will just actually switch to source IP verification transport.

again, the next revision of olafur's document will remove all mention of amplification/reflection. that meme is dead.

--
Paul Vixie