[dns-operations] blocking recursers

Rodney Joffe rjoffe at centergate.com
Sat Mar 25 21:45:26 UTC 2006

On Mar 25, 2006, at 2:21 PM, JP Velders wrote:

> OK, well my reservations about 1 and/or 2 is that they serve a much
> more "public function" (not exactly the most non ambiguous term alas).
> Thus it would go against the very nature of that service to stop
> providing that service to however small a group... :(

What if not providing service to that small group meant that the  
"larger" group i.e. the "rest of the world" had uninterrupted  
service, and conversely if that small group did not have service  
removed, the "rest of the world" continued to have intermittently  
interrupted service with varying degrees of inconvenience (to include  
catastrophic consequences)? Remember, we're talking about your "Tier  
2" here.



>>> Doing this as a massive scan (like ORDB, SORBS, etc) however is
>>> something I have reservations about.
>> because it is invasive?  or because it is too vigilante?  or ...?
> Mainly because of all the fragmentation of those "we're doing this for
> the greater good"-clubs in the SMTP world, and everybody just doing
> sweeps on netblocks, well, it's chaos at best. Doing it for IP's
> contacting you would make me feel a bit easier. ;)

Would you define this as "IP's (sic) contacting you" or as "IP's  
contacting you with malicious traffic, whether innocently or not"?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3286 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20060325/6fe6c085/attachment.bin>

More information about the dns-operations mailing list