COM/NET informational message
Edward Lewis
edlewis at arin.net
Fri Jan 3 20:48:17 UTC 2003
At 12:26 -0800 1/3/03, just me wrote:
>Am I the only one that finds this perversion of the DNS protocol
>abhorrent and scary? This is straight up hijacking.

It's scary but I'm not sure it's abhorrent.

The DNS is hit by a lot of bad traffic. E.g., a presentation at the
previous nanog (http://www.nanog.org/mtg-0210/wessels.html) mentioned
that just about 2% of traffic at the roots is "healthy" traffic.

Over the years, there have been servers for 10.in-addr.arpa just to
suck up queries that should have never leaked out the source networks.

It's encouraging that there is an effort to try to clean up the
reasons for bad traffic. It's scary because in some sense the
response is not true (I wouldn't call it hijacking), but when you are
trying to cull out incompatible older editions of software, there's
no safe route (no 'fail safe' method).

And yes, the approach mentioned is optimized for DNS resolution for
web access. Hopefully this doesn't trap, for example, unwary SSH
connections.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer