Re: [DNSOP] DNS-Server distribution statistics

william manning <chinese.apricot@gmail.com> Mon, 13 February 2017 00:25 UTC

Return-Path: <chinese.apricot@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B8331294B8 for <dnsop@ietfa.amsl.com>; Sun, 12 Feb 2017 16:25:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LxrDmsBx7nf0 for <dnsop@ietfa.amsl.com>; Sun, 12 Feb 2017 16:25:30 -0800 (PST)
Received: from mail-it0-x234.google.com (mail-it0-x234.google.com [IPv6:2607:f8b0:4001:c0b::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7703129417 for <dnsop@ietf.org>; Sun, 12 Feb 2017 16:25:29 -0800 (PST)
Received: by mail-it0-x234.google.com with SMTP id c7so62141880itd.1 for <dnsop@ietf.org>; Sun, 12 Feb 2017 16:25:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=s2NFUR533zvY1yDb2unu6JH8WjlVEK06uJdGz3mtN80=; b=UpsmQEA9Bd74NwXb3SO0q+Im/dQE+wS0p5Xsh2qTtKWdCmUIsF/UWEsBTMHc36AlFj 2ypvuqo6usoroyItRT3gr2NQpgJXemtyuRUtUeyZlw9i0oxU1wMsYZkCltKeizrnqzBu QOMnH8CD0VMxsJRFEg3NjPp1CksKaDPtbA3AP4CyMQSqnEo08yvsD0BC+vH6Lw8ATE/+ Uyf3Dd4Ci6lRuNfrZ0Y0Coa8ilmiy0hVrduBQPrhv/homhixmoQmO4hIicKe5RjLlcfM 5/VuGhvaGaK70ttfNW2lqKowpySk0nLix9NSbhclozXfWvwsQ71gMMHSSw0UvVajG4hg Ydhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=s2NFUR533zvY1yDb2unu6JH8WjlVEK06uJdGz3mtN80=; b=KtSu90s1c/OxDoqKMmVDkgDEMD2DIEkxm+XuZpnL3zE2CpBRUbu1ucGzJsbIwA0HkC NgVyzZnmlCeCH+QSKwxrrB5Cd3A9vU7P0YTITV8od0KnzJ6bqb1TpV10OXnktAYxiN7h ZvGyXc2ru+tcoWlkXHdWZqjN/3a+2vpX5UE5sh9U5Il3+radZNsFTSmtklXTFP1ec1d+ R9pg4oH7bKcywBP4n1gunEr3tzZbcKHCsFFTxQq5TD11p6v76gJamkEQo+ogDPafGRwi hEE2EUtuVY2ZuTBFl6jQoDo4zL3wtM5q2drkkJ4mBbpkHFCdWvJ1rOdrBp8susZeoCn8 v6CQ==
X-Gm-Message-State: AMke39lvhHJ8UcXYMGrd2zaK90g7pgAT2CrJqdoNWs1a57FIx1lN6WSmp9EFeVgHJyheO9Throxtkz0grwiz7Q==
X-Received: by 10.107.147.6 with SMTP id v6mr21141864iod.235.1486945529218; Sun, 12 Feb 2017 16:25:29 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.159.209 with HTTP; Sun, 12 Feb 2017 16:25:28 -0800 (PST)
In-Reply-To: <CAHw9_iLSN6_G8TcjpKvOTDNx14L+skZyKDpzm2Bo7nUp9_w7rQ@mail.gmail.com>
References: <20170211224923.78115C0660@smtp.hushmail.com> <667F88F0-FD47-41C6-8A66-581070395FC0@vpnc.org> <A05B583C828C614EBAD1DA920D92866BD06D902B@PODCWMBXEX501.ctl.intranet> <CAKr6gn0wdesHON0-Spy7uEuCtRZ97Znk88LRf6==w=1eZzv-Mw@mail.gmail.com> <CAHw9_iLSN6_G8TcjpKvOTDNx14L+skZyKDpzm2Bo7nUp9_w7rQ@mail.gmail.com>
From: william manning <chinese.apricot@gmail.com>
Date: Sun, 12 Feb 2017 16:25:28 -0800
Message-ID: <CACfw2hgDV+LEa08qUwpFv8-cYkJ9qovF3OTT9hSMsm2pCd7oiQ@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Content-Type: multipart/alternative; boundary=94eb2c05be5611d1f305485e7c73
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Zz_u1SCUngOwLKoAMg2k7ho6VXc>
Cc: dnsop <dnsop@ietf.org>, George Michaelson <ggm@algebras.org>
Subject: Re: [DNSOP] DNS-Server distribution statistics
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Feb 2017 00:25:32 -0000

which is why, Warren, that modern fingerprinting does not rely on what the
server lies about.

/W

On Sun, Feb 12, 2017 at 2:56 PM, Warren Kumari <warren@kumari.net> wrote:

> On Sun, Feb 12, 2017 at 5:44 PM, George Michaelson <ggm@algebras.org>
> wrote:
> > I have never entirely got with the people who think obscuring version
> > information is necessary and correct. Designing for the bad actors
> > presupposes they will somehow magically not attack you, simply because
> > you obscured the version info.
> >
> > Root ops (I may misremember) stand out in my mind as a group who have
> > from time to time said "we don't feel we need, or should tell you
> > that"
> >
> > So on the whole, I think we should explore this "what version are you"
> > question more, and possibly do better at flagging it.
> >
> > Having said which: people lie all the time. Either by intent, or
> > because they reply with information which was correct when they set
> > it, but has aged out.
>
> https://puck.nether.net/~jared/version.bind.results.20160402.txt
>
> What?!!!! You don't believe that there is at least one person running
> version 3.14159? How 'bout "19,800yen"?
> Surely you don't doubt that "An Italian is COMBING his hair in
> suburban DES MOINES!"
>
> Still, nice to know that someone is keeping the love with a "C=64 with
> Final Cartridge II and 1541 discdrive"
>
> W
>
>
> > So even with the best of intentions,
> > version-flagging needs to be taken with a grain of salt.
> >
> > -G
> >
> > On Sun, Feb 12, 2017 at 9:55 PM, Woodworth, John R
> > <John.Woodworth@centurylink.com> wrote:
> >> -----Original Message-----
> >> From: DNSOP [mailto:dnsop-bounces@ietf.org] On Behalf Of Paul Hoffman
> >>>
> >>> On 11 Feb 2017, at 17:49, Allan Liska wrote:
> >>>
> >>> > ISC runs a monthly survey of DNS statistics:
> >>> > https://ftp.isc.org/www/survey/reports/current/fpdns.txt (this is
> from
> >>> > January 2017).
> >>> > Information about the survey is here:
> >>> > https://ftp.isc.org/www/survey/reports/current/survey.html
> >>> > Not sure how useful their data is, but they have been doing it for a
> >>> > long time, so they have great trending analysis.
> >>>
> >>> Do note, however, that fingerprinting DNS servers has gotten much
> harder
> >>> over time, so take the results with a very large grain of salt. For
> >>> example, the software that runs that survey seems to think that there
> >>> are no versions of BIND 9 since 9.4.0a0.
> >>>
> >>
> >> Thanks Paul!
> >>
> >> I was wondering about that.  Figured there would be more people at least
> >> near the bleeding-edge.
> >>
> >>
> >> Thanks,
> >> John
> >>
> >>> --Paul Hoffman
> >>>
> >>> _______________________________________________
> >>> DNSOP mailing list
> >>> DNSOP@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/dnsop
> >>
> >>
> >> -- THESE ARE THE DROIDS TO WHOM I REFER:
> >> This communication is the property of CenturyLink and may contain
> confidential or privileged information. Unauthorized use of this
> communication is strictly prohibited and may be unlawful. If you have
> received this communication in error, please immediately notify the sender
> by reply e-mail and destroy all copies of the communication and any
> attachments.
> >>
> >> _______________________________________________
> >> DNSOP mailing list
> >> DNSOP@ietf.org
> >> https://www.ietf.org/mailman/listinfo/dnsop
> >
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>