Re: [Asrg] RFC 6471 and "listing the Internet" as a punishment

"John Levine" <johnl@taugh.com> Tue, 24 January 2012 18:46 UTC

>Following with RFC 6471, would it be possible to do a split zone
>(abusive/non-abusive), sending abusive IPs to do their lookups from IP
>addresses in TEST-NET RFC-5735 addresses?

In principle, although it's a little tricky since the setup is usually
something like this:

(at TLD)
example.net NS foo.example.net <-- main name server that does split horizon

(at foo.example.net)
dnsbl.example.net NS rbldnsd.example.net <-- the server that's getting hammered

So the server that's getting overloaded has to tell the server above
what lies to tell.

R's,
John
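
Added example, not part of the original message: one way the overloaded DNSBL server could "tell the server above what lies to tell", by turning its own query records into a BIND acl and an alternate delegation for the parent's split-horizon view. The log format, the threshold, the acl name and sink.example.net are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample records: "<epoch> <client-ip> <qname>". This is an
# assumed export format, not rbldnsd's native log layout.
SAMPLE_LOG = """\
1327430700 198.51.100.7 2.0.0.127.dnsbl.example.net
1327430700 198.51.100.7 3.0.0.127.dnsbl.example.net
1327430701 203.0.113.9 2.0.0.127.dnsbl.example.net
1327430701 198.51.100.7 4.0.0.127.dnsbl.example.net
1327430702 not-an-ip 5.0.0.127.dnsbl.example.net
1327430702 198.51.100.7 6.0.0.127.dnsbl.example.net
"""

TEST_NET_GLUE = "192.0.2.1"  # TEST-NET-1 (RFC 5735), never routed


def abusive_clients(log_text, threshold):
    """Return client addresses with more than `threshold` queries."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed records
        try:
            counts[ipaddress.ip_address(fields[1])] += 1
        except ValueError:
            continue  # skip records whose client field is not an address
    heavy = [ip for ip, n in counts.items() if n > threshold]
    # Sort on (version, value) so IPv4 and IPv6 can be mixed safely.
    return sorted(heavy, key=lambda ip: (ip.version, int(ip)))


def render_acl(clients, name="dnsbl-abusers"):
    """BIND acl that the parent server's abusive view would match on."""
    body = "".join(f"    {ip};\n" for ip in clients) or "    none;\n"
    return f'acl "{name}" {{\n{body}}};\n'


def render_abuser_delegation(zone="dnsbl.example.net.",
                             ns="sink.example.net."):
    """Delegation served only in the view matched by the acl above."""
    return f"{zone} IN NS {ns}\n{ns} IN A {TEST_NET_GLUE}\n"


if __name__ == "__main__":
    print(render_acl(abusive_clients(SAMPLE_LOG, threshold=3)))
    print(render_abuser_delegation())
```

The generated acl still has to be shipped to foo.example.net and loaded there, which is the coordination step the message calls tricky.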