denied NS/IN
Sam Wilson
Sam.Wilson at ed.ac.uk
Thu Jan 22 16:53:33 UTC 2009
In article <gl61mf$9h6$1 at sf1.isc.org>,
Mark Andrews <Mark_Andrews at isc.org> wrote:
> In message <FB979B33-DF83-4460-A3E4-040CD165E8B9 at newgeo.com>, Scott Haneda
> writ
> es:
>
> > Is BCP 38 really as solid and plug and play as it sounds? In a
> > shared, or colo'd environment, can that ISP really deploy something
> > like this, without it causing trouble for those that assume unfettered
> > inbound and outbound traffic to their servers?
>
> Yes it is. Everyone in a colo should be able to tell you which
> source address (prefixes) they should be emitting. You filter
> everything else.
>
> The closer to the edge that you do this the easier it is to do.
Just a niggle (because we've been bitten by this): if you have
multihomed hosts you need to be careful.
Sam
More information about the bind-users
mailing list