[dns-operations] blocking recursers
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Mar 23 17:11:08 UTC 2006
On Thu, Mar 23, 2006 at 07:01:16AM -1000,
Randy Bush <randy at psg.com> wrote
a message of 12 lines which said:
> i am trying to understand an ethical and legally defensible position
> with respect to strong-arming the ops of such servers to change
> their behavior.
OK, let's try.
1) Legal issues.
[IANAL] Legally, even if it were a RFC with status Total Standard, I'm
not sure it would be a solid basis, legally speaking. RFC are not
laws.
2) Ethical issues.
As I wrote, I believe it would not be very ethical to do it *today*
because few system administrators were exposed to the risks of ORNs
and to the good practice of limiting recursion. IMHO, we should do
information and propaganda, not arm-twisting, for a while. (If you
read french, an example is
http://www.bortzmeyer.org/fermer-les-recursifs-ouverts.html.)
After a suitable period of information and education time, I believe a
TLD administrator has the right to blacklist, with due process
(information, ability to unlist, etc) if a machine is a danger for the
TLD or for the Internet at-large. Do note that it is possible to find
out in an objective and neutral way if a machine is an ORN or not. It
is not arbitrary.
More information about the dns-operations
mailing list