Dns-operations mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

OK a few things...

gparent - "lie" is such a strong word.  Its not like I'm trying to sell 
something here.  My intent was to compare a single server using 
whitelisting to the SAME server being hammered by attacks. Apparently 
that wasn't as obvious as I thought it would be.

Regarding all Tier-2 servers using whitelisting...  This project is 
still a democracy, nobody is forcing anyone to do anything.  I said 
*MAY* because there is always the possibility in the future, and when we 
are designing new options we should consider all possibilities.

Will - Actually wget IS available under Windows, which is one of the 
reasons why I like it as an option.  Not available by default under 
Mac?  WTF?  I thought Mac was supposed to be a decent OS.  That's like 
leaving out the SSH command (glares at Windows).  Anyway, there appears 
to be some new command-line improvements in Win7 that will allow us to 
perform the same function as a wget without requiring any extra software 
to be installed.  And if nothing else, I may be able to implement the 
same function into an FTP connection, but we'll see what happens...

Yeah I agree that whitelisting will require a little more effort on the 
part of users, but this should be one of those things where we provide 
you a short set of instructions (or maybe even a batch file or bash 
script), you set it up once and then you forget about it. There 
shouldn't be any hassle involved, and we are trying to make the process 
as painless as possible.  However as a small project, we simply don't 
have the resources that Google has.  We cannot weather these attacks 
forever.  We can always hope that with new trend towards NTP attacks, 
DNS will be mostly forgotten and these attacks will dwindle away and 
leave us alone -- but this is the internet, and we know better.