To:
Ted.Hardie@nominum.com
CC:
dnsop@cafax.se
From:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date:
Wed, 30 Oct 2002 09:57:21 +0859 ()
In-Reply-To:
<200210291742.JAA30504@geode.he.net> from Ted Hardie at "Oct 29,2002 09:42:40 am"
Sender:
owner-dnsop@cafax.se
Subject:
Re: DoS and anycast
Ted Hardie; > > Isn't prevention of DoS attack on root servers a good enough reason > > to deploy anycast? > > > > Masataka Ohta > > No. > > Deploying anycast services (outside the RFC-1930 compliant methods > currently in use) lessens the effect of a DoS attack, but at the cost > of risking the integrity of the data provided by the service. As I pointed it out several times already, anycast root servers is the protection from forged route that the risk of getting forged data is reduced. > Once > the data is adequately protected against that risk, What is the current protection against the forged data? Today, it is so easy to forge route to root servers and the data. Masataka Ohta #---------------------------------------------------------------------- # To unsubscripbe, send a message to <dnsop-request@cafax.se>.