Re: [DNSOP] AS112 for TLDs
Peter Koch <pk@DENIC.DE> Mon, 14 April 2008 15:54 UTC
Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: dnsop-archive@lists.ietf.org
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6CE253A6E8E; Mon, 14 Apr 2008 08:54:46 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CF6093A6AFF for <dnsop@core3.amsl.com>; Mon, 14 Apr 2008 08:54:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.249
X-Spam-Level:
X-Spam-Status: No, score=-6.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z6lDp069yjV4 for <dnsop@core3.amsl.com>; Mon, 14 Apr 2008 08:54:39 -0700 (PDT)
Received: from office.denic.de (gw-office.denic.de [81.91.160.182]) by core3.amsl.com (Postfix) with ESMTP id 50A443A6D94 for <dnsop@ietf.org>; Mon, 14 Apr 2008 08:54:39 -0700 (PDT)
Received: from x27.adm.denic.de ([10.122.64.128]) by office.denic.de with esmtp id 1JlR1Q-0004iR-US; Mon, 14 Apr 2008 17:55:08 +0200
Received: from localhost by x27.adm.denic.de with local id 1JlR13-0006MT-HX; Mon, 14 Apr 2008 17:54:45 +0200
Date: Mon, 14 Apr 2008 17:54:45 +0200
From: Peter Koch <pk@DENIC.DE>
To: IETF DNSOP WG <dnsop@ietf.org>
Message-ID: <20080414155445.GE10249@x27.adm.denic.de>
References: <20080404151957.GK1184@commandprompt.com> <C41BFEF4.75F6%john.crain@icann.org>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <C41BFEF4.75F6%john.crain@icann.org>
User-Agent: Mutt/1.4.2.3i
Subject: Re: [DNSOP] AS112 for TLDs
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org
On Fri, Apr 04, 2008 at 03:51:16PM -0700, John L. Crain wrote: > I don't think the disease is life threatening. I keep hearing about the "Problem" of bogus queries to the root. It is certainly messy and ugly but from my perspective as an operator it is more of irritant than anything else. The capacity building for root operators, at least in our case, is not built around those bogus queries, it's build around other problems such as the number of hosts with weak security that are available for use in DDOS attacks. thanks, John, for bringing this up. The topic is re-occuring and for judging the cure vs. the disease we would need to know not only how widespread the disease is (in percent of the queries), but whether the patient actually suffers. Also, it would be interesting to not only watch the "bogus" queries but also at the ratio of "bogus" vs. "legitimate" queries per source IP address, also taking into account other query parameters. This would help getting an idea whether measures implemented in the average recursive full resolver would actually lead to a significant change. For the "AS112 for TLDs" I sense there is consensus to go to WGLC with maintaining the drafts' current focus. > For now I still believe the best answer is to keep answering with NXDOMAIN and hoping that one day, this is where I am delusional, that those do the querying will fix their end of the problem... Since "information leakage" has been mentioned already and additional delay is another concern on the client side, it might be worth addressing the "disease" from this end. However, we have no indication that anybody actually suffers here. So, unless we'd like to live with the topic popping up over again, we could try a "trade offs document" for a start. Not sure this will end up as something to be reasonably published as an RFC, but it might at least serve as a pointer target next time the idea comes up. -Peter _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] AS112 for TLDs Stephane Bortzmeyer
- Re: [DNSOP] AS112 for TLDs Phil Regnauld
- [DNSOP] Re: AS112 for TLDs Stephane Bortzmeyer
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs John Crain
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs John Crain
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs John Crain
- L-Root address change [Re: [DNSOP] AS112 for TLDs] Peter Koch
- [DNSOP] Re: L-Root address change (Was: AS112 for… Stephane Bortzmeyer
- Re: L-Root address change [Re: [DNSOP] AS112 for … bert hubert
- Re: [DNSOP] Re: L-Root address change (Was: AS112… Ralf Weber
- Re: L-Root address change [Re: [DNSOP] AS112 for … Matt Larson
- Re: L-Root address change [Re: [DNSOP] AS112 for … bmanning
- Re: L-Root address change [Re: [DNSOP] AS112 for … bert hubert
- Re: L-Root address change [Re: [DNSOP] AS112 for … bmanning
- Re: L-Root address change [Re: [DNSOP] AS112 for … bert hubert
- Re: B-Root address change [Re: [DNSOP] AS112 for … bmanning
- Re: L-Root address change [Re: [DNSOP] AS112 for … Joe Baptista
- Re: L-Root address change [Re: [DNSOP] AS112 for … JINMEI Tatuya / 神明達哉
- Re: L-Root address change [Re: [DNSOP] AS112 for … Joe Baptista
- Re: L-Root address change [Re: [DNSOP] AS112 for … John Crain
- Re: L-Root address change [Re: [DNSOP] AS112 for … Joe Baptista
- Re: [DNSOP] AS112 for TLDs William F. Maton Sotomayor
- Re: [DNSOP] AS112 for TLDs Phil Regnauld
- Re: [DNSOP] AS112 for TLDs Brian Dickson
- Re: [DNSOP] AS112 for TLDs Mark Andrews
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs Masataka Ohta
- Re: [DNSOP] AS112 for TLDs Elmar K. Bins
- [DNSOP] Re: AS112 for TLDs Stephane Bortzmeyer
- Re: [DNSOP] AS112 for TLDs William F. Maton Sotomayor
- [DNSOP] Re: AS112 for TLDs William F. Maton Sotomayor
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: AS112 for TLDs William F. Maton Sotomayor
- Re: [DNSOP] AS112 for TLDs Edward Lewis
- Re: [DNSOP] AS112 for TLDs Mohsen Souissi
- Re: [DNSOP] AS112 for TLDs William F. Maton Sotomayor
- [DNSOP] Re: AS112 for TLDs Stephane Bortzmeyer
- Re: [DNSOP] Re: AS112 for TLDs Joe Baptista
- Re: [DNSOP] Re: AS112 for TLDs Paul Vixie
- Re: [DNSOP] Re: AS112 for TLDs Joe Baptista
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: AS112 for TLDs Joe Baptista
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: AS112 for TLDs Edward Lewis
- Re: [DNSOP] Re: AS112 for TLDs Paul Vixie
- Re: [DNSOP] Re: AS112 for TLDs Joe Baptista
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: L-Root address change (Was: AS112… Florian Weimer
- [DNSOP] Re: AS112 for TLDs Stephane Bortzmeyer
- Re: [DNSOP] AS112 for TLDs Florian Weimer
- Re: [DNSOP] Re: AS112 for TLDs Florian Weimer
- Re: [DNSOP] AS112 for TLDs Sebastian Castro Avila
- Re: [DNSOP] AS112 for TLDs Edward Lewis
- Re: [DNSOP] AS112 for TLDs Sebastian Castro
- Re: [DNSOP] AS112 for TLDs William F. Maton Sotomayor
- Re: [DNSOP] AS112 for TLDs Edward Lewis
- Re: [DNSOP] AS112 for TLDs Joe Abley
- Re: [DNSOP] AS112 for TLDs Paul Vixie
- Re: [DNSOP] AS112 for TLDs Andrew Sullivan
- Re: [DNSOP] AS112 for TLDs Edward Lewis
- Re: [DNSOP] AS112 for TLDs Mark Andrews
- Re: [DNSOP] AS112 for TLDs bmanning
- Re: [DNSOP] AS112 for TLDs Mark Andrews
- Re: [DNSOP] AS112 for TLDs Andrew Sullivan
- Re: [DNSOP] AS112 for TLDs David Conrad
- Re: [DNSOP] AS112 for TLDs Andrew Sullivan
- Re: [DNSOP] AS112 for TLDs Frederico A C Neves
- Re: [DNSOP] AS112 for TLDs David Conrad
- Re: [DNSOP] AS112 for TLDs bmanning
- Re: [DNSOP] AS112 for TLDs Andrew Sullivan
- Re: [DNSOP] AS112 for TLDs David Conrad
- Re: [DNSOP] AS112 for TLDs Edward Lewis
- Re: [DNSOP] AS112 for TLDs John L. Crain
- Re: [DNSOP] AS112 for TLDs Mark Andrews
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs bmanning
- Re: [DNSOP] AS112 for TLDs Florian Weimer
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs Florian Weimer
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs Dean Anderson
- Re: [DNSOP] AS112 for TLDs Andrew Sullivan
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs Mark Andrews
- Re: [DNSOP] AS112 for TLDs Jaap Akkerhuis
- Re: [DNSOP] AS112 for TLDs Dean Anderson
- Re: [DNSOP] AS112 for TLDs Peter Koch
- Re: [DNSOP] AS112 for TLDs William F. Maton Sotomayor
- Re: [DNSOP] AS112 for TLDs Paul Vixie
- Re: [DNSOP] AS112 for TLDs Warren Kumari