“Source address validation guarantees spoofing cannot happen,” said Afilias CTO Ram Mohan. “We have been exhorting the community to implement it promptly. This ensures that a resolver first determines a source address is valid before it sends back responses.” The onus lies with ISPs to find a business reason to do so on their respective infrastructures, said Jim Galvin, director of strategic relationships and technical standards at Afilias, which has source address validation implemented across its DNS infrastructure. By implementing source address validation, an ISP would then allow only traffic from its IP ranges to make DNS requests, making IP spoofing a moot point.
↧