Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: NSPs filter?

  • From: John M. Brown
  • Date: Mon Aug 05 18:11:49 2002

Or you could be a good neighbor and have your DNS answer NXDOMAIN for
the RFC1918 zones and stop the traffic before it left your network.

If you have clients that are using RFC1918 and YOUR NS's then don't
let those packets out.  Give a NXDOMAIN answer back towards them
and save us all. :)

On Mon, Aug 05, 2002 at 09:05:28AM -0400, Chris Woodfield wrote:
> I would filter only if the root server operator is complaining about 
> it...not to say I would do nothing; I would most definitely give the 
> customer a call and strongly advise them to set up a local resolver, 
> citing the volume of redundant traffic they're paying for...
> -C
> On Sun, Aug 04, 2002 at 09:15:26PM -0700, Stephen Stuart wrote:
> > 
> > > IMO, Commercial ISPs should never filter customer packets unless
> > > specifically requested to do so by the customer, or in response to a
> > > security/abuse incident.
> > 
> > Let's say the customer operates some big enterprise network, runs
> > their infrastructure in RFC1918 space ("for security," hah), and spews
> > a couple kilobits of DNS query from that RFC1918 space toward the root
> > nameservers. Assume that either pride or ignorance will prevent the
> > customer from ever asking you to filter what you know to be garbage
> > traffic. Does your rule to "never filter customer packets" mean you're
> > going to sit and watch those packets go by?
> > 
> > If yes, why?
> > 
> > Stephen

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.