Re: Autonomous System Sanity Protocol Sun, 27 April 1997 06:07 UTC

Received: from cnri by id aa13227; 27 Apr 97 2:07 EDT
Received: from by CNRI.Reston.VA.US id aa02763; 27 Apr 97 2:07 EDT
Received: from mailing-list by (8.6.9/1.0) id PAA10621; Sun, 27 Apr 1997 15:57:13 +1000
Received: from munnari.OZ.AU by (8.6.9/1.0) with SMTP id PAA10586; Sun, 27 Apr 1997 15:51:09 +1000
Received: from by munnari.OZ.AU with SMTP (5.83--+1.3.1+0.56) id FA22490; Sun, 27 Apr 1997 15:51:07 +1000 (from
Received: from (valdis@LOCALHOST []) by (8.8.5/8.8.5) with ESMTP id BAA31818; Sun, 27 Apr 1997 01:51:00 -0400
Message-Id: <>
To: Bill Manning <>
Cc: Tony Li <>,,
Subject: Re: Autonomous System Sanity Protocol
In-Reply-To: Your message of "Sat, 26 Apr 1997 20:05:44 PDT." <>
References: <>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_-773495472P"; micalg=pgp-md5; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Sun, 27 Apr 1997 01:50:56 -0400
Precedence: bulk

On Sat, 26 Apr 1997 20:05:44 PDT, Bill Manning said:
> Humm, perhaps a first, rough cut might be turning on DNS Security for the
> inverse delegations all the way down.  That way you could get a "chain of
> custody" for the authoritative delegations.  You could also discriminate
> proxy aggregations... :)

Hmm.. but  first, we have  to  actually get  inverse delegations  that

Hell. In the past 5 days  on our Listserv hub,  I've seen no less than
661 *different* 'Lame  server'  messages from BIND for  the  *forward*

On the other hand, Bill  may be onto  something  here.. if we  require
that the  people get their  acts together  enough  so their nameserver
forward and  inverse tables are correct, and  get crypto keys  set up,
that would probably  nuke out all  the marginal domains  that have too
low a cluon flux  density.  It  wouldn't stop  a determined  and clued
attacker, but at least we'd probably turn off most possible origins of
"network meltdown  from    'ISP  Administration for   Dummies'"   type

				Valdis Kletnieks
				Computer Systems Engineer
				Virginia Tech