[dns-operations] blocking recursers

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Mar 23 17:11:08 UTC 2006


On Thu, Mar 23, 2006 at 07:01:16AM -1000,
 Randy Bush <randy at psg.com> wrote 
 a message of 12 lines which said:

> i am trying to understand an ethical and legally defensible position
> with respect to strong-arming the ops of such servers to change
> their behavior.

OK, let's try.

1) Legal issues.

[IANAL] Legally, even if it were an RFC with status Total Standard, I'm
not sure it would be a solid basis, legally speaking. RFCs are not
laws.

2) Ethical issues.

As I wrote, I believe it would not be very ethical to do it *today*
because few system administrators were exposed to the risks of ORNs
and to the good practice of limiting recursion. IMHO, we should do
information and propaganda, not arm-twisting, for a while. (If you
read French, an example is
http://www.bortzmeyer.org/fermer-les-recursifs-ouverts.html.)

After a suitable period of information and education time, I believe a
TLD administrator has the right to blacklist, with due process
(information, ability to unlist, etc) if a machine is a danger for the
TLD or for the Internet at large. Do note that it is possible to find
out in an objective and neutral way if a machine is an ORN or not. It
is not arbitrary.







