On-going Internet Emergency and Domain Names
Roland Dobbins
rdobbins at cisco.com
Sat Mar 31 16:44:59 UTC 2007
On Mar 31, 2007, at 9:20 AM, Paul Vixie wrote:
> fundamentally, this isn't a dns technical problem, and using dns
> technology
> to solve it will either not work or set a dangerous precedent. and
> since
> the data is authentic, some day, dnssec will make this kind of poison
> impossible.
Some SPs are doing DNS manipulation/poisoning now for various
reasons, with varying degrees of utility/annoyance. If those SPs
choose to manipulate their own DNS in a way which affects their own
users, that's fine; if the users don't like it, they can to
elsewhere. Some enterprises are doing the same kinds of things, with
the same options available to the user population (though not always
quite as easy to 'go elsewhere', heh).
What SPs or enterprises choose to do for/to their own user bases is
between them and their users. When we start talking about involving
registries, etc., that's when we've clearly jumped the shark.
There is no 'emergency', any more than there was an 'emergency' last
week or the week before or the month before that - after a while, a
state of 'emergency' becomes the norm, and thus the bar is raised.
It's merely business as usual, and no extraordinary measures are
required. Yes, there are ongoing, long-term problems, but they need
rationally-thought-out, long-term solutions.
'Think globally, act locally' seems a good principle to keep in mind,
along with 'Be liberal in what you accept, and conservative in what
you send'. Much unnecessary grief and gnashing of teeth would be
avoided if folks worries about what was going on in their own
networks vs. grandiose, 'fix-the-Internet'-type 'solutions' (the
appeal of the latter is that it requires no actual useful effort or
sacrifice on one's own part, merely heated rhetoric and a pointed
finger, which appeals to some of the least attractive aspects of
human nature).
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Words that come from a machine have no soul.
-- Duong Van Ngo
More information about the NANOG
mailing list