[dns-operations] "Rogers: NXDOMAIN means NXSERVICE for you"

Fergie fergdawg at netzero.net
Wed Jan 3 19:41:57 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Matt Ghali <matt at snark.net> wrote:

>On Wed, 3 Jan 2007, Fergie wrote:
>
>> It's easy to see that, if the checks are not made somewhat more
>> bulletproof, you senselessly cut off your downstream customers.
>
>It's also likely that the heuristics work extremely well for the 
99.98 customers using their resolvers, who have a few random Windows 
boxes behind their CPE.
>
>Anyone doing anything more complex than that really should be 
running their own caching nameserver, for a variety of reasons 
besides this anyway.
>
>Lets be careful about demonizing ISPs for not addressing the zombie 
problem, and then demonizing them again for trying to be more 
responsible.
>

If you interpreted my remarks as "demonizing" ISP's for trying
to do a Good Thing, then you misunderstood (or I was articulate
enough). :-)

Either way, I think it's fine that they're trying to address the
problem (and it is a huge one at that) -- I can just imagine being
on the customer-end of a "false positive" and being kind of miffed. :-)

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.2 (Build 4075)

wj8DBQFFnAcAq1pz9mNUZTMRAja+AKDJi81CFZuNvrmzVSPOHAnKeLa21wCghVZ4
OpRgD1JYL23YqyYk+syFODA=
=RADX
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




More information about the dns-operations mailing list