Re: [Asrg] RFC 6471 and "listing the Internet" as a punishment

["John R. Levine" <johnl@iecc.com>]

>Listing the world for folks overloading your system is unlikely to have
>the effect that you want, and is most likely going to impact folks who
>have no say in the configuration of the receiving mail server.

You may be right, but I have to have some sympathy for BL operators who
are getting bombed by clueless misconfigurations.

Last month the abuse.net lookup stopped working, and after poking
around, I saw that there was an enormous stream of A record queries
from Marc Perkel's spam filtering company.  They were clearly stupid,
since you need to do a TXT lookup to find out what the abuse.net
contacts are, and he wasn't doing any of those, apparently under the
misconception that abuse.net is some kind of BL.  I've had similar
problems in the past with systems in Brazil that bombed
korea.services.net.  Although I agree that it is anti-social to list
the world for every query, I'm less sure about individual query
sources that are mishehaving.

In the case of abuse.net, the A records are all non-zero anyway (the
value is the number of TXT records it'll return, to help debug clients
that have trouble with multiple TXT records), so I experimented for
a while with different return values to try to get his attention,
then finally gave up and put in a packet filter.

If it becomes more of a problem, my main DNS servers can do split horizon
DNS, so it'd probably be more effective to return NS records pointing
to loopback addresses or the like.

R's,
John