North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: F means filtered ?

  • From: George Herbert
  • Date: Wed Feb 19 21:22:20 1997

Judd writes:
> Paul A Vixie wrote:
>> Yes, I do.  I have no opinion on whether spammers should or should not be
>> able to reach any given root name server, including "mine", but for the time
>> being I lack the hardware needed to firewall differently
>> than I do the rest of my network.
>Perhaps someone else should be running then.

And the reason for that would be?

It's not like failing to reach will deny service
to anyone (you try g, h, a, b... if you can't get through).
If this were more widely deployed to more of them that might
be cause for some complaint by the spammers that they were
being discriminated against.  But one of the 15 or so being
unavailable to... let's see, counting it up it looks like around
12 class C sized nets and 4 individual host machines is barely a
statistical blip.  In the worst case, DNS lookups at those sites
take twice as long in 1 in 15 cases, and much less in practice
if their lookup software has any brains and stops querrying
roots it doesn't get responses from.

On the other hand, not having a real root server at the site
where the currently standard DNS software is being developed
would have obvious disadvantages for everyone on the net,
spammers included, as it would make the test/qualification/
bug resolution cycle much less coordinated.

Please explain why this is in reality enough of a problem for
anyone: spammers, the whole net, anyone... that it is worth
further time on the list...

-george william herbert
[email protected]
- - - - - - - - - - - - - - - - -