COM/NET informational message

Edward Lewis edlewis at arin.net
Fri Jan 3 20:48:17 UTC 2003


At 12:26 -0800 1/3/03, just me wrote:
>Am I the only one that finds this perversion of the DNS protocol
>abhorrent and scary? This is straight up hijacking.

It's scary but I'm not sure it's abhorrent.

The DNS is hit by a lot of bad traffic.  E.g., a presentation at the 
previous nanog (http://www.nanog.org/mtg-0210/wessels.html) mentioned 
that just about 2% of traffic at the roots is "healthy" traffic. 
Over the years, there have been servers for 10.in-addr.arpa just to 
suck up queries that should have never leaked out the source networks.

It's encouraging that there is an effort to try to clean up the 
reasons for bad traffic.  It's scary because in some sense the 
response is not true (I wouldn't call it hijacking), but when you are 
trying to cull out incompatible older editions of software, there's 
no safe route (no 'fail safe' method).

And yes, the approach mentioned is optimized for DNS resolution for 
web access.  Hopefully this doesn't trap, for example, unwary SSH 
connections.
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                          +1-703-227-9854
ARIN Research Engineer
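The "servers for 10.in-addr.arpa just to suck up queries" idea in the message above generalises to all of RFC 1918 reverse space. The following script is an added example for this archive page, not code from the original post or from ARIN: it parses constructed BIND-style query-log lines, maps each in-addr.arpa name back to the IPv4 prefix it denotes (partial names such as `168.192.in-addr.arpa` map to a /16), flags queries that fall entirely inside private address space and would leak if forwarded upstream, and lists the reverse zones a local resolver should answer itself so they never reach the roots. The log format, client addresses and names are all constructed for this example; the Unbound `local-zone ... static` rendering is one way to express the sinkhole, assumed here rather than taken from the message.

```python
"""Flag reverse (in-addr.arpa) queries for RFC 1918 space that a resolver
should answer locally instead of forwarding to the public DNS.

Added example; log lines and addresses below are constructed, not real data.
"""
import ipaddress
import re

# RFC 1918 private address blocks.
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# BIND-style query log line (format assumed for this example).
LOG_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

# Constructed sample log; not captured from any real resolver.
SAMPLE_LOG = """\
client 192.168.1.20#51234: query: 4.3.2.10.in-addr.arpa IN PTR + (192.168.1.1)
client 192.168.1.21#40001: query: 9.8.20.172.in-addr.arpa IN PTR + (192.168.1.1)
client 192.168.1.22#40002: query: 9.8.40.172.in-addr.arpa IN PTR + (192.168.1.1)
client 192.168.1.23#40003: query: www.example.com IN A + (192.168.1.1)
client 192.168.1.24#40004: query: 168.192.in-addr.arpa IN NS + (192.168.1.1)
client 192.168.1.25#40005: query: 1.1.168.192.in-addr.arpa IN PTR + (192.168.1.1)
"""


def in_addr_arpa_to_network(qname):
    """Map a name under in-addr.arpa to the IPv4 prefix it denotes.

    Reverse labels are least-significant octet first, so
    '5.10.in-addr.arpa' -> 10.5.0.0/16 and '4.3.2.10.in-addr.arpa' -> 10.2.3.4/32.
    Returns None for names outside in-addr.arpa or with non-octet labels.
    """
    labels = qname.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    octets = labels[:-2]
    if not 1 <= len(octets) <= 4:
        return None
    try:
        vals = [int(o) for o in octets]
    except ValueError:
        return None
    if any(not 0 <= v <= 255 for v in vals):
        return None
    vals.reverse()                      # back to network byte order
    vals += [0] * (4 - len(vals))       # pad a partial name to four octets
    prefixlen = 8 * len(octets)         # each label fixes one octet
    return ipaddress.ip_network(f"{'.'.join(map(str, vals))}/{prefixlen}", strict=False)


def is_private_reverse(qname):
    """True if the reverse name lies entirely within RFC 1918 space."""
    net = in_addr_arpa_to_network(qname)
    if net is None:
        return False
    return any(net.subnet_of(p) for p in PRIVATE_NETS)


def find_leaked_reverse_queries(log_text):
    """Return (client, qname, qtype) for each query that should never leave
    the local network; any query type counts, not only PTR."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and is_private_reverse(m.group("qname")):
            hits.append((m.group("client"), m.group("qname"), m.group("qtype")))
    return hits


def local_sinkhole_zones():
    """The 18 in-addr.arpa zones that together cover all of RFC 1918:
    one for 10/8, sixteen for 172.16/12 (a /12 needs one zone per /16), one for 192.168/16."""
    zones = ["10.in-addr.arpa"]
    zones += [f"{i}.172.in-addr.arpa" for i in range(16, 32)]
    zones.append("168.192.in-addr.arpa")
    return zones


def unbound_local_zone_config(zones):
    """Render the zones as Unbound 'local-zone' statements (assumed rendering);
    'static' makes the resolver answer NXDOMAIN locally instead of forwarding."""
    return "\n".join(f'local-zone: "{z}." static' for z in zones)


if __name__ == "__main__":
    for client, qname, qtype in find_leaked_reverse_queries(SAMPLE_LOG):
        print(f"would leak: {client} asked {qname} {qtype}")
    print(unbound_local_zone_config(local_sinkhole_zones()))
```

Run against the constructed log, the 172.40.8.9 lookup is correctly left alone (172.40/16 is public), while the `168.192.in-addr.arpa IN NS` query is flagged even though it is not a PTR lookup, since the sinkhole must absorb every query type for that space, not just address-to-name lookups.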