Root Server Operators (Re: What *are* they smoking?)
Jack Bates
jbates at brightok.net
Wed Sep 17 16:38:34 UTC 2003
Aaron Dewell wrote:
> The point is, this makes a reasonable backup plan. Far from ideal, but
> we're dealing with a state-supported monopoly who can do whatever they
> want. Get this in place, then think about how to throw the monopolies
> out. This works in the meantime. They will likely compromise this far,
> even if they won't back down.
>
I'm thinking security for the long term. Even if com and net are
returned to their non-wildcard states, there are other tld's which will
continue using wildcards. Subject to a wildcard bit being implemented to
DNS, my suggested method allows for optimum performance and
functionality when DNS is being used as part of a security model.
> The TTL is 15 minutes, so your hypothetical server would be throwing away
> it's cache every 15 minutes. Then re-querying everything. You'd have to
> have a _lot_ of outgoing email to justify that.
I don't know about you, but I don't want to cache bogus information for
longer than 15 minutes. If someone sends random-string domains as the
envelope from to my mail server, I want the cache to purge itself
quickly. Yet, if they are sending the same bad address to my mail server
repetitively, I want my cache to hold the record briefly; say 15
minutes. I'd hate to see a spammer issuing jlkfsjklfsj.com 5,000 times
to my mail server in rapid succession and my recursor have to ask for it
every time. On the other side, I would hate to cache 100,000 bogus
domains for 1 day, wasting cache.
> This solution still requires increased overhead, and more modifications
> to BIND. Which has more impact on your server, this BIND overhead, or one
> additional query from your MTA? My guess is the query is cheaper overall.
> And you have to convince ISC to implement these changes, or write them
> yourself, then you have the potential cost of an unstable nameserver.
> Overall, I'd take the one addition query based on the compromise solution.
My mail server doesn't use a bind recursor, so I'll end up making the
change myself for that particular system. However, a solution needs to
be devised for the long term. The best solution is a wildcard bit.
Second to that, smart recursors and resolvers that can detect the wildcard.
-Jack
More information about the NANOG
mailing list