Arrogant RBL list maintainers

Michael Holstein michael.holstein at csuohio.edu
Thu Dec 10 15:48:05 UTC 2009


> Is your network setup so chaotic that you don't know what address
> chunks are allocated by DHCP or PPP?  

Aww .. stop it, just stop. I could send the .vsd of the network overview
to everyone and there'd still be someone that'd chime in and say "Ha!
you moron .. you used ORANGE lines to interconnect things, nobody ever
does it that way".

We've drifted waaaay O/T here. But to answer a few questions :


> Maybe you misunderstood them?  What's trunking a VLAN across the core for 
> a printers subnet have to do with anything?  They were asking you to tell 
> them which of your subnets are dynamic and which are static, presumably so 
> they could remove your /16 and list just the bits of it that really are 
> dynamic or otherwise appropriate for their list.
>   

We break the /16 up into /23s and /24s (and a few /22s) based on
building/router and security class (along with a bunch of 1918 space
that we only NAT internally). What would be more chaotic? .. further
dividing a /24 just to put static stuff within a (^2) boundary?

Like many places, we run separate internal and external DNS .. when a
user requests a static IP, they can opt to make it "external", but few
do, since we point out that when they do that, they lose the anonymity
of the "generic" rDNS.

An internal DNS entry might look like :
lastname-modelnumber.router.building.csuohio.edu
While the external entry might look like : csu-137-148-19-3.csuohio.edu

People that need remote access use our WebVPN (or client VPN) and can
then use the internal DNS to find their machine. There's little
motivation to create a static unless it's a server or printer.


> Does it matter if they label your non e-mail server IPs as dynamic space,
> and therefore put it on their DUL?  

No, not at all. As I've said all along, my beef was that as a mail-abuse
DNSBL provider, they were taking issue with our naming scheme for things
that had nothing to do with email. As several have already recognized,
we are doing the mail part correctly .. there are exactly 4 IPs that are
permitted to send mail to the Internet .. FOUR of them, all of which
have proper A=PTR, SPFv1 records, abuse@ contacts, etc.

/thread

Regards,

Michael Holstein
Cleveland State University
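
The two properties discussed in the message above, generic IP-derived rDNS names and A=PTR consistency, can be checked mechanically. The following Python sketch is an added example, not part of the original post: the function names, the example.edu hostnames and the 192.0.2.x records are constructed for illustration, and the two dictionaries stand in for live DNS lookups.

```python
import ipaddress
import re

# Constructed sample data (not real records): PTR and A maps standing in for DNS lookups.
PTR = {
    "192.0.2.25": "mail1.example.edu",
    "192.0.2.77": "host-192-0-2-77.example.edu",
    "192.0.2.90": "printer.example.edu",
}
A = {
    "mail1.example.edu": {"192.0.2.25"},
    "host-192-0-2-77.example.edu": {"192.0.2.77"},
    "printer.example.edu": {"192.0.2.91"},  # stale A record: forward and reverse disagree
}

def embeds_ip(hostname, ip):
    """True if the hostname spells out all four octets of ip, forward or reversed."""
    octets = [int(o) for o in str(ipaddress.IPv4Address(ip)).split(".")]
    # Compare runs of digits as integers so that 019 and 19 are treated alike.
    nums = [int(run) for run in re.findall(r"\d+", hostname)]
    for want in (octets, octets[::-1]):
        if any(nums[i:i + 4] == want for i in range(len(nums) - 3)):
            return True
    # Zero-padded, concatenated form, e.g. 192000002077.
    padded = "".join(f"{o:03d}" for o in octets)
    return padded in hostname

def a_equals_ptr(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP."""
    name = ptr.get(ip)
    return name is not None and ip in a.get(name, set())

def audit(ip):
    """Summarise both properties for one address in the constructed zone."""
    name = PTR.get(ip, "")
    return {"a_equals_ptr": a_equals_ptr(ip), "generic_rdns": embeds_ip(name, ip)}

if __name__ == "__main__":
    for address in PTR:
        print(address, PTR[address], audit(address))
```

A name can pass A=PTR and still be flagged as generic, which is the combination the external naming pattern quoted in the message produces.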



