On Thu, Jan 16, 2014 at 11:39 AM, Andrew Sullivan <asulli...@dyn.com> wrote:
> On Thu, Jan 16, 2014 at 11:32:05AM -0500, Christopher Morrow wrote:
>
>> pretty easy to believe that quic would be helpful right?
>
> Yes. It's also pretty easy to believe that ditching DNS completely in
> favour of something without 8 billion warts would be helpful.
>
>> seems totally feasible.
>
> Certainly, it would be possible to standardize it. Whether it would
> be "trivial" to get it deployed is quite a different matter. The
> evidence to date is that there is a very, very long tail in any change
> having to do with the DNS. We are still, to this day, fighting with
> sysadmins who are convinced that firewall rules on TCP/53 are
> perfectly reasonable, even though DNS _always_ used TCP.
>
> People who believe there are going to be easy fixes to the issues
> coming from DNS are deluding themselves.

I totally agree... I was actually joking in my last note :( sorry for
not adding the ":)" as requisite in email.

So... what other options are there to solve the larger problem of:
"Some service is running on a public host, and it can be used to
attack a third party"

where in all of these cases the third party is someone whose address
has been spoofed in the src-address of a packet.

-chris