large organization nameservers sending icmp packets to dns servers.

David Schwartz davids at
Wed Aug 8 06:11:19 UTC 2007

> On Aug 7, 2007, at 4:33 PM, Donald Stahl wrote:

> > If you don't like the rules- then change the damned protocol. Stop
> > just doing whatever you want and then complaining when other people
> > disagree with you.

> I think this last part is the key.

> Remember the old adage: "My network, My rules"?  Have we forgotten that?

No, that's the point. The Internet is based on cooperation. You can run your
network however you want, but if you fail to cooperate, other people will
exercise their right to run their network how they want by blacklisting you.

> Should I not block ports for MS protocols when a new worm spreads
> because it would break the E-2-E principle?  What about spam
> filtering?  Or a myriad of other things.  Everyone here is breaking
> some RFC somehow.  And most of us don't give a rat's ass.  Which is
> the way it should be.

Fine, so long as you don't break the promises you make to other networks. If
you do that, you wreck the cooperation fabric the Internet is based on.

> But when you decide that YOUR violation is MY problem to fix, then
> you are just being silly.  And worse, annoying.
> Let's all just agree to run our own networks the way we damned well
> please, as long as we are not hurting anyone else.  We just have to
> define "complaining to you about things I b0rk'ed by myself" as
> "hurting you".  Which isn't a stretch, support costs money, and
> costing me money because you screwed up is definitely hurtful.

When you promise to provide a service to anyone who asks for it and then
fail to, you impose costs on other people. Failing to resolve names that you
claim you will resolve is just such a failure. It forces other people's
resolvers to do extra work to get the information they need or they just
can't get it.

This is, IMO, the type of cooperation failure that justifies blacklisting.

