North American Network Operators Group
Re: COM/NET informational message
- From: Edward Lewis
- Date: Fri Jan 03 15:50:43 2003
At 12:26 -0800 1/3/03, just me wrote:
> Am I the only one that finds this perversion of the DNS protocol
> abhorrent and scary? This is straight up hijacking.

It's scary but I'm not sure it's abhorrent.

The DNS is hit by a lot of bad traffic. E.g., a presentation at the
previous nanog (http://www.nanog.org/mtg-0210/wessels.html) mentioned
that just about 2% of traffic at the roots is "healthy" traffic.

Over the years, there have been servers for 10.in-addr.arpa just to
suck up queries that should have never leaked out the source networks.

It's encouraging that there is an effort to try to clean up the
reasons for bad traffic. It's scary because in some sense the
response is not true (I wouldn't call it hijacking), but when you are
trying to cull out incompatible older editions of software, there's
no safe route (no 'fail safe' method).

And yes, the approach mentioned is optimized for DNS resolution for
web access. Hopefully this doesn't trap, for example, unwary SSH
connections.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer