[dns-operations] "Rogers: NXDOMAIN means NXSERVICE for you"
fergdawg at netzero.net
Wed Jan 3 19:41:57 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
- -- Matt Ghali <matt at snark.net> wrote:
>On Wed, 3 Jan 2007, Fergie wrote:
>> It's easy to see that, if the checks are not made somewhat more
>> bulletproof, you senselessly cut off your downstream customers.
>It's also likely that the heuristics work extremely well for the
99.98 customers using their resolvers, who have a few random Windows
boxes behind their CPE.
>Anyone doing anything more complex than that really should be
running their own caching nameserver, for a variety of reasons
besides this anyway.
>Lets be careful about demonizing ISPs for not addressing the zombie
problem, and then demonizing them again for trying to be more
If you interpreted my remarks as "demonizing" ISP's for trying
to do a Good Thing, then you misunderstood (or I was articulate
Either way, I think it's fine that they're trying to address the
problem (and it is a huge one at that) -- I can just imagine being
on the customer-end of a "false positive" and being kind of miffed. :-)
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.2 (Build 4075)
-----END PGP SIGNATURE-----
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the dns-operations