Schneier: ISPs should bear security burden

Joe Maimon jmaimon at ttec.com
Mon May 2 17:16:40 UTC 2005




Steven Champeon wrote:
> on Sun, May 01, 2005 at 10:40:21PM -0400, Joe Maimon wrote:
> 
>>What does the rest of the internet gain when all IPs have boilerplate 
>>reverse DNS setup for them, especially with all these wildly differing 
>>and wacky naming "conventions"?
> 
> 
> I don't care what the rest of the Internet gains, but I can say that
> knowing something about these "wildly differing and wacky naming
> conventions" has cut my spam load down by 98% or more. By knowing who
> names their networks what, even wild-assed guesses at times have kept
> the DDoS that is spam botnets from destroying the utility of email here.
>  
> 

That's not quite what I was asking. Would you not have preferred being 
able to do all the above simply by being able to assume that all these 
"dialup" systems would not have any RDNS?

The question restated is what is the benefit in advocating "dialup 
names" as opposed to simply recommending that dialup ranges get NO rDNS?

For spam/abuse prevention it surely is less useful. It's much easier to 
block IPs with no rDNS than to maintain a list of patterns of rDNS that 
should be blocked.

I understand that RFCs recommend/require it. I want to know about 
specific benefits to the internet at large (not to the user who now has 
rDNS).

Given a choice between ISP using unpredictable naming patterns or no 
name for dialup ranges, what would your preference be?

>>Isn't it a much simpler world where simply having rDNS lends the 
>>assumption of a supported "static" system as opposed to none?
> 
> 
> Bwahahaha. You mean "supported static systems" like:
> 
> not-a-legal-address [140.113.12.106]
> 66.domain.tld [216.109.16.66]
> customer-reverse-entry.209.213.197.128 [209.213.197.128]
> suspended.for.aup.violation [216.41.37.5]
> unassigned [66.240.153.10]
> unassigned-64.23.24.128 [64.23.24.128]
> alameda.net.has.not.owned.this.ip.for.more.then.four.years [209.0.51.16]
> nolonger.a.customer.cancelled.for.AUPviolation [209.208.31.84]
> 
> ...just to pick a few? I believe Suresh has already supplied the answer
> to the question of rDNS having anything to do with staticity.
> 
Exactly the problem.
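
The two filtering policies compared in this message, sketched as an added example (not code from either poster): reject on missing rDNS only, versus reject on missing rDNS plus a maintained pattern list. The placeholder word list, the function names and the last two sample entries are constructed assumptions; the other hostnames are the ones quoted above.

```python
import re

# (PTR name, IP) pairs quoted in the message above, plus two constructed
# entries (documentation address range) marked as such.
SAMPLES = [
    ("not-a-legal-address", "140.113.12.106"),
    ("customer-reverse-entry.209.213.197.128", "209.213.197.128"),
    ("suspended.for.aup.violation", "216.41.37.5"),
    ("unassigned", "66.240.153.10"),
    ("unassigned-64.23.24.128", "64.23.24.128"),
    (None, "192.0.2.10"),                # constructed: no PTR record at all
    ("mail.example.net", "192.0.2.25"),  # constructed: ordinary mail host
]

# Assumed, hand-maintained list of placeholder words; keeping a list like
# this current is the maintenance burden the message refers to.
PLACEHOLDER = re.compile(r"unassigned|suspended|customer|not-a-legal", re.I)

def embeds_ip(ptr, ip):
    """True if the name contains the address octets, forward or reversed."""
    octets = ip.split(".")
    for order in (octets, octets[::-1]):
        pattern = r"(?<!\d)" + r"[.-]".join(order) + r"(?!\d)"
        if re.search(pattern, ptr):
            return True
    return False

def policy_no_rdns(ptr, ip):
    """Policy A: reject only when there is no PTR record."""
    return "reject" if ptr is None else "accept"

def policy_patterns(ptr, ip):
    """Policy B: also reject names that look generic or placeholder."""
    if ptr is None or embeds_ip(ptr, ip) or PLACEHOLDER.search(ptr):
        return "reject"
    return "accept"

def compare():
    """Return (ptr, ip, verdict_a, verdict_b) for every sample."""
    return [(p, i, policy_no_rdns(p, i), policy_patterns(p, i)) for p, i in SAMPLES]

if __name__ == "__main__":
    for ptr, ip, a, b in compare():
        print(f"{str(ptr):45} {ip:16} no-rDNS={a:7} patterns={b}")
```

Every quoted placeholder name passes policy A because a PTR record exists, while policy B catches them only for as long as its pattern list is kept up to date.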


