large organization nameservers sending icmp packets to dns servers.

Patrick W. Gilmore patrick at
Wed Aug 8 14:33:56 UTC 2007

On Aug 8, 2007, at 2:11 AM, David Schwartz wrote:
>> On Aug 7, 2007, at 4:33 PM, Donald Stahl wrote:
>>> If you don't like the rules- then change the damned protocol. Stop
>>> just doing whatever you want and then complaining when other people
>>> disagree with you.
>> I think this last part is the key.
>> Remember the old adage: "My network, My rules"?  Have we forgotten  
>> that?
> No, that's the point. The Internet is based on cooperation. You can run your
> network however you want, but if you fail to cooperate, other people will
> exercise their right to run their network how they want by blacklisting you.

So we are in violent agreement.

IOW: Your first word is incorrect.  It _IS_ my network, and you agree  
it is my network, and you agree I am allowed to run it as I please.   
In return, I agree you can run your network as you please, even if  
that includes blacklisting me.

>> Should I not block ports for MS protocols when a new worm spreads
>> because it would break the E-2-E principle?  What about spam
>> filtering?  Or a myriad of other things.  Everyone here is breaking
>> some RFC somehow.  And most of us don't give a rat's ass.  Which is
>> the way it should be.
> Fine, so long as you don't break the promises you make to other networks. If
> you do that, you wreck the cooperation fabric the Internet is based on.

Paying $10 and registering a domain IN NO WAY means I promised a
bazillion people anything.

What happened to: "You can run your network however you want"?

>> But when you decide that YOUR violation is MY problem to fix, then
>> you are just being silly.  And worse, annoying.
>> Let's all just agree to run our own networks the way we damned well
>> please, as long as we are not hurting anyone else.  We just have to
>> define "complaining to you about things I b0rk'ed by myself" as
>> "hurting you".  Which isn't a stretch, support costs money, and
>> costing me money because you screwed up is definitely hurtful.
> When you promise to provide a service to anyone who asks for it and then
> fail to, you impose costs on other people. Failing to resolve names that you
> claim you will resolve is just such a failure. It forces other people's
> resolvers to do extra work to get the information they need or they just
> can't get it.
> This is, IMO, the type of cooperation failure that justifies blacklisting.

You are very, very confused.  When you ask me to resolve a name, _I_  
did not cost _you_ anything - just the opposite.  This is true  
whether I send you an A record or not.

The idea that you can force me to provide service for you without  
payment, contract, service in trade, etc., has not been true for a  
couple decades.  The idea that I might, out of the goodness of my  
heart, provide services for others is still alive and well.  But to  
expect it is only going to cause you all kinds of problems, even from  
the people who have goodness in their hearts.

But hey, feel free to disagree and blacklist away.  Your network,  
your decision. :)

