[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

[Brad Knowles]

At 1:11 AM -0400 2006-07-14, John Payne wrote:

>  I did.  I got 4 different answers in 2 different /24s.
>
>  I also tracerouted.  Of the 6 IPs, I see 3 of them over the equinix
>  ashburn nap, two over xo and one over verio

Fine.  So you saw multiple distinct routes from each of the sites 
where you tested from.

I bet those sites were all pretty well-connected, eh?  Otherwise, you 
probably wouldn't be using them, and you wouldn't be on this list?


So, what do you tell the guy who sees the exact same route for all of 
them, and then that one site goes down but the routing advertisment 
to them is not retracted?

Just because you see a perfect world where the sky is blue, the grass 
is green, etc... doesn't necessarily mean that everyone else in the 
world will see the same world or see it the same way, especially when 
you've got all kinds of "weird" stuff going on behind the scenes.

>  Then I got bored.   I never saw the same /24 from all 6 tlds.

A single positive example does not prove your case.  A multitude of 
positive examples does not prove your case.  A single negative 
example will destroy your case, however.

All I'm saying is that when you play these kinds of games on the 
"Internet Wild West", odds are that sooner or later it's all gonna go 
pear-shaped for someone, somewhere.  All we can do is try to help 
reduce the probability of that happening, and try to help reduce the 
amount of damage that will occur when it does happen.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  Founding Individual Sponsor of LOPSA.  See <http://www.lopsa.org/>.