Re: [dnsext] enough is enough
Mark Andrews <marka@isc.org> Mon, 22 December 2014 04:07 UTC
To: Jim Reid <jim@rfc1035.com>
From: Mark Andrews <marka@isc.org>
Date: Mon, 22 Dec 2014 15:06:53 +1100
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/UwFkIGUqZ5ye-0INHZMtD4mbbM0
Cc: DNSEXT Group Working <dnsext@ietf.org>, bert hubert <bert.hubert@netherlabs.nl>
Subject: Re: [dnsext] enough is enough

In message <11AD7639-D2AA-41F4-ACA4-70190E449253@rfc1035.com>, Jim Reid writes:
> On 21 Dec 2014, at 09:44, bert hubert <bert.hubert@netherlabs.nl> wrote:
>
> > This would then come with a website with further explanations, and perhaps
> > even a registry of faults that has been decided we're not going to fix.
>
> Bert, your prototype email is all very well. Of course it would be nice
> if there was some botnet (say) which went looking for these broken DNS
> servers and sent an email from the aa=0 police like the one you suggested.
>
> However this is howling at the moon. For decades the DNS industry has
> been unable to get people to fix their lame delegations or get them to
> stop using BIND8 or to use software which does EDNS or... So an attempt
> along these lines to fix the aa=0 problem will be yet another Epic Fail.
> If DNS lameness can't be cured, contacting registrants -- assuming that
> was possible and it isn't -- to get software replaced surely won't
> succeed either.

To my knowledge no one has attempted to get nameservers upgraded
by sending email to delegated server operators. Sending email to
TLD operators does have an effect. Whether that can be replicated
the next level down we need to see.

Additionally classic lameness will come back over time as it is a
configuration issue. Once you fix software it stays fixed.

The more TLD operators that come on board the more likely it is to
succeed. A DNS hoster getting complaints from all TLD operators
is much more likely to pay attention to them. Similarly individual
operators in multiple TLDs.

> Everyone here should already know by now that contacting registrants en
> masse will never produce the desired outcome. We should also know why
> that approach is guaranteed to fail every time. Now who was it that said
> "The definition of insanity is doing the same thing over and over again,
> but expecting different results"?
>
> The only sensible approach to take here is to notify the vendors of the
> broken software and hope they do the Right Thing. If they don't, or their
> customers can't/won't upgrade, the rest of us just have to suck it up.
> 'Twas ever thus. At least the DNS developer community is small and fairly
> easy to reach.

Vendors also need to fix their software and no, the DNS developer
community isn't small enough to reach everyone. Going through zone
operators is the only way to reach some of the players.

Ultimately the zone operators need to update their nameservers and
firewalls to be DNS compliant. Expecting them to learn that they need
to update without an active campaign will fail.

> BTW, your Subject: header is appropriate. There's been more than enough
> discussion of this deeply flawed approach to fixing the aa=0 problem.
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org