North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: On-going Internet Emergency and Domain Names (kill this thread)

  • From: Mikael Abrahamsson
  • Date: Sun Apr 01 03:16:43 2007


On Sat, 31 Mar 2007, Jeff Shultz wrote:


Does that sound about right?

If ISPs cannot be forced into running a 24/7/365 response function, I don't see the registry/registrars doing it.


Solving this at the DNS level is just silly, if you want to solve it it either you get to the core (block IP access, perhaps by BGP blacklisting) or go to level 8, ie the human level, and get these infected machines off the net permanently.

So Gadi, to accomplish what you want you need to propose to the ISPs all over the net that what you're trying to do is so important that some entity publishing a realtime blacklist is important enough that all major ISPs should subscribe to a BGP blackhole list from there. Also that this is important enough to seriously violate the distributed structure of the net today that has made it into the raging success it is today. It's not perfect, but it works, and it doesn't have a single point of failure.

... and people have very bad experiences from blacklists not being maintained properly.

--
Mikael Abrahamsson email: [email protected]