large organization nameservers sending icmp packets to dns servers.

Andrew Sullivan andrew at
Tue Aug 7 22:44:54 UTC 2007

Dear colleagues,

I apologise for replying twice in the same thread (especially as I
tend not to post here very much, on the grounds that I usually don't
know what I'm talking about).  I feel compelled to object to the
below remark, however, because I think it gets at the heart of the

On Tue, Aug 07, 2007 at 03:09:58PM -0700, Steve Gibbard wrote:
> But you may not like the choice this presents management with.  On one 
> side, they've got you telling them to follow an arbitrary standard, 

I generally agree with Steve Gibbard's point, which I take to be that
understanding the cost-benefit realm in which these discussions
happen is both crucial to achieving one's result and may reveal a
point of view one hasn't properly considered.  

I nevertheless object to the suggestion (that I think was not
actually part of Steve's main argument, please note) that we are
talking about some "arbitrary standard".  The RFCs that define DNS
are of course arbitrary in the strict sense that they could have been
otherwise: RFC103[45] could have said, "512 is the limit, sorry,
can't help you, haveanicedaycomeagain."  They're arbitrary in the
sense that, for instance, the definition of ANSI C is; or that "hook"
versus "arrow" for entailment in various formal logic systems is. 
But that's not the interesting meaning of "arbitrary" in this case.

The connotation of "arbitrary" in these discussions is that this is a
rule that isn't strictly needed.  But the fact of the matter, on the
Internet, is that if you don't follow the "arbitrary" standards for a
protocol as defined in the RFCs, then you're _not implementing the
protocol_.  That's what a protocol _is_: a set of arbitrary rules
that define how various strangers can implement systems that all
comply, without having to talk about it individually.  

If you try to put 'zMttOOOPS' into a SQL database field defined as
INT4, you get an error: it's an arbitrary rule, but one that defines
the field.  And if you try to turn off TCP for DNS, you get an error
too.  It's just that you're not the one who happens to see it.  This
is not some bizarre demand on the part of Internet weenies, demanding
that your network comply with their rules.  It's just straightforward
implementation.  As operators, I think we have an obligation to be
clear in our representation to our various management: there are
things that are required to participate in the Internet as a
compliant system.  If one rejects those things, then one is not really
participating.  We are each free to make such a decision; but where a
protocol says "TCP and UDP", one doesn't get to make up a rule that
says, "Yeah, but not for us."  That way lies the end of
interoperation.  If you don't want inter-networking, then it will work
fine.  But if you want the benefits, you have to pay the cost of
complying with the rules, even when you don't understand or care how
they affect you or everybody else.

Best regards,

Andrew Sullivan                         204-4141 Yonge Street
Afilias Canada                        Toronto, Ontario Canada
<andrew at>                              M2P 2A8
                                        +1 416 646 3304 x4110
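The failure mode Andrew describes (a truncated UDP answer obliges the querier to retry over TCP, so an operator who filters tcp/53 never sees the resulting error; the remote resolver does) is shown below as an added example that is not part of the original post. The transports are constructed stand-ins so it runs offline; a real check would send the same bytes to port 53 with SOCK_DGRAM and SOCK_STREAM (TCP adds a 2-byte length prefix).

```python
import struct

def build_query(qname: str, qid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 A query: 12-byte header (RD set) plus one question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def make_response(qid: int, truncated: bool) -> bytes:
    """Constructed response header only: QR|RD|RA set, TC bit optional."""
    flags = 0x8180 | (0x0200 if truncated else 0)
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)

def is_truncated(response: bytes) -> bool:
    """True when the TC bit (bit 9 of the flags word) is set."""
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & 0x0200)

def resolve(qname, udp_send, tcp_send):
    """RFC 1035 client behaviour: query over UDP, retry over TCP on TC=1."""
    query = build_query(qname)
    resp = udp_send(query)
    if not is_truncated(resp):
        return "udp", resp
    try:
        return "tcp", tcp_send(query)
    except (ConnectionRefusedError, TimeoutError) as exc:
        # This is the error the filtering operator never sees: it lands here.
        raise RuntimeError(f"TCP fallback for {qname} failed: {exc}") from exc

def simulate(tcp_blocked: bool) -> str:
    """Hypothetical nameserver whose UDP answers are too large and come back truncated."""
    def udp(q):
        return make_response(struct.unpack("!H", q[:2])[0], truncated=True)
    def tcp(q):
        if tcp_blocked:
            raise ConnectionRefusedError("tcp/53 filtered at the border")
        return make_response(struct.unpack("!H", q[:2])[0], truncated=False)
    try:
        return resolve("example.com", udp, tcp)[0]   # "tcp" on a compliant server
    except RuntimeError:
        return "SERVFAIL"                             # what the querier's users get

if __name__ == "__main__":
    print("TCP allowed :", simulate(tcp_blocked=False))
    print("TCP filtered:", simulate(tcp_blocked=True))
```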

More information about the NANOG mailing list