[dns-operations] DNS deluge for x.p.ctrc.cc
Joe Greco
jgreco at ns.sol.net
Mon Feb 27 18:10:27 UTC 2006
> As has been pointed out before, this is precisely the same evolution
> of discourse we went through with open SMTP relays . . .
No, not precisely. It's the same apathy-on-the-part-of-the-last-mile-
provider problem, however, which is the root cause.
You fix the open recurser "problem" and then the next "problem" we get to
deal with is "how do we stop authoritative nameservers from answering valid
requests".
% nslookup -type=ANY aol.com.
eugh.
It's also the same failure on the part of those trying to fight the battle
to be able to find a workable solution. Note that we /closed/ all the
open SMTP relays, but the spam problem remains. So that was a retarded
fix. Those who cannot learn from the past are doomed to repeat it.
You realize of course that lack-of-BCP38 has also contributed to the spam
problem... asymmetric routing and all that...
But the reality is that the abuse of SMTP is different than the abuse of
DNS, because in the case of SMTP, you *know* the actual address of the
remote endpoint sending you spam... so BCP38 doesn't really come into
serious play. However, in the case of DNS, it's spoofing that's a
problem, so global implementation of BCP38 would in fact solve this issue.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
More information about the dns-operations
mailing list