IETF Logo Mail Archive

Re: [DNSOP] [Ext] Lameness terminology (was: Status of draft-ietf-dnsop-terminology-bis)

Mark Andrews <marka@isc.org> Thu, 03 May 2018 21:24 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0D10126CC7 for <dnsop@ietfa.amsl.com>; Thu, 3 May 2018 14:24:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4nXg2UpqfpM0 for <dnsop@ietfa.amsl.com>; Thu, 3 May 2018 14:24:43 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08FBC126DC2 for <dnsop@ietf.org>; Thu, 3 May 2018 14:24:43 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 83A733AB045; Thu, 3 May 2018 21:24:42 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 4E379160043; Thu, 3 May 2018 21:24:42 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 0BB4116006F; Thu, 3 May 2018 21:24:42 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id NDYxCVis8Cij; Thu, 3 May 2018 21:24:41 +0000 (UTC)
Received: from [172.30.42.89] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 8FE30160043; Thu, 3 May 2018 21:24:41 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Mark Andrews <marka@isc.org>
X-Mailer: iPhone Mail (15E302)
In-Reply-To: <0AA87D00-17F7-4D10-A72D-E4723C4A0642@icann.org>
Date: Fri, 04 May 2018 07:24:38 +1000
Cc: Edward Lewis <edward.lewis@icann.org>, Shane Kerr <shane@time-travellers.org>, "dnsop@ietf.org" <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <B1F34038-595E-48A5-AFB6-20F3214BB8BF@isc.org>
References: <7C873271-A784-4594-91A3-48C697EEC613@vpnc.org> <b3ed96d7-26fb-3d97-118b-39e8f352a38c@time-travellers.org> <87F43055-5B0E-4551-BD8D-241D93F9039F@icann.org> <0AA87D00-17F7-4D10-A72D-E4723C4A0642@icann.org>
To: David Huberman <david.huberman@icann.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/BIfofW-md6-Cn0lFLd4Iv6yJoZU>
Subject: Re: [DNSOP] [Ext] Lameness terminology (was: Status of draft-ietf-dnsop-terminology-bis)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2018 21:24:45 -0000

It’s amazing how fast people can fix lame delegations once email and other services stop flowing. The only reason you think it is un- winnable is that you are unwilling to remove the delegation for failing to maintain a properly working configuration. 

Start removing lame delegation after fair warnings and you will see others fixing their lame delegations on initial notice.  No system works if there are not checks and balances.
-- 
Mark Andrews

> On 4 May 2018, at 01:05, David Huberman <david.huberman@icann.org> wrote:
> 
> Ed Lewis wrote:
> 
>> (Only if you like reading history:)
> 
>> The reason was a flaw in "certain old resolvers" that followed the "upwards referral" to the root that 
>> the "predominate server code of the time" had decided to use for lameness..  The result was a lot of 
>> resolver stuck in an infinite loop, hitting the root servers.  I.e., this was an operational issue.  The 
>> solution was updating and redeploying the buggy code, not stamping out lame servers (which was 
>> the goal of the task).  FWIW, the "upwards referrals" were discontinued when it became apparent 
>> they were being used in noticeable amplification attacks.
> 
> I sat on the front lines of ARIN’s war against lame delegations for the entire war.  We spent quite a few
> years testing delegations for our definition of lameness, and then notifying the listed tech-c and admin-c.
> E-mail recipients would either ignore the email, not understand the email and move on to the next thing,
> or would write-in or call-in and speak to either me or my co-worker Jon Worley. Very few lame delegations
> were fixed, even among those who called-in or wrote-in for clarification.  rDNS worked for the user, and
> they weren’t willing to change anything.
> 
> The war was unwinnable. 
> 
> /david 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

v2.23.0 | Report a Bug | By Email