Re: [DNSOP] Some distinctions and a request - Have some class?
manning <bmanning@karoshi.com> Mon, 06 July 2015 06:44 UTC
Return-Path: <bmanning@karoshi.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D3401A8A68 for <dnsop@ietfa.amsl.com>; Sun, 5 Jul 2015 23:44:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.21
X-Spam-Level:
X-Spam-Status: No, score=-2.21 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, J_CHICKENPOX_41=0.6, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sa0czJCVJi3m for <dnsop@ietfa.amsl.com>; Sun, 5 Jul 2015 23:44:00 -0700 (PDT)
Received: from vacation.karoshi.com (vacation.karoshi.com [198.32.6.68]) by ietfa.amsl.com (Postfix) with ESMTP id 09BA41A8A52 for <dnsop@ietf.org>; Sun, 5 Jul 2015 23:43:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by vacation.karoshi.com (Postfix) with ESMTP id C6823A241D0; Sun, 5 Jul 2015 23:43:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at karoshi.com
Received: from vacation.karoshi.com ([127.0.0.1]) by localhost (vacation.karoshi.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zh9T3g_9J_NA; Sun, 5 Jul 2015 23:43:31 -0700 (PDT)
Received: from [192.168.0.12] (cpe-23-240-123-116.socal.res.rr.com [23.240.123.116]) by vacation.karoshi.com (Postfix) with ESMTPSA id EF413A241C1; Sun, 5 Jul 2015 23:43:23 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: text/plain; charset="windows-1252"
From: manning <bmanning@karoshi.com>
In-Reply-To: <C667BD6E-677A-4FC7-9B0F-191FE1B8E961@shinkuro.com>
Date: Sun, 05 Jul 2015 23:43:05 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <14A6711E-CE6F-4808-AC11-A92E8937F409@karoshi.com>
References: <20150704063120.2380.qmail@ary.lan> <017CF015-8A06-40D5-9ECF-B7B7E208C7AF@frobbit.se> <6F830DF3-9FD6-43A1-8E9A-5854958BA848@shinkuro.com> <20150705115107.GA27268@sources.org> <F8D42EF3-CF9A-4836-A798-1AD18CDB5260@redbarn.org> <C667BD6E-677A-4FC7-9B0F-191FE1B8E961@shinkuro.com>
To: Steve Crocker <steve@shinkuro.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/r_-Q0wiRXwKlZUG03Mp2l9GkYcU>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>, Vixie Paul <paul@redbarn.org>
Subject: Re: [DNSOP] Some distinctions and a request - Have some class?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jul 2015 06:44:08 -0000
While not Paul or Stephane, I would like to point out that repeated, empirical evidence shows that simply dropping or ignoring queries has the operational effect of link saturation. A quicker, more reliable DDoS vector may not exist. I could not agree that dropping queries is sensible or prudent, if the goal is to have a workable DNS. As to delay as a mitigating strategy, well, that didm;t work so well either. The original RFC 1918 blocks had no public DNS service. We then made the mistake of standing them up. The intent was to delay the response, with an NXDOMAIN first and then a redirect into the private network. It was never flaky enough and developers built around that. This became apparent when we actually started responding authoritatively from these servers. I think it was less than an hour before Herb and Jon were in my office and we had a call with the President of the University. Neither delay, nor redirection will be effective. Either no answer or an authoritative answer give the community certainty. I’ll step back and let the experts “solve” this. manning bmanning@karoshi.com PO Box 12317 Marina del Rey, CA 90295 310.322.8102 On 5July2015Sunday, at 5:30, Steve Crocker <steve@shinkuro.com> wrote: > Stephane and Paul, > > I’m ok with anything that provides effective negative feedback. Dropping queries or redirecting them is ok with me. > > Thanks, > > Steve > > On Jul 5, 2015, at 5:11 AM, P Vixie <paul@redbarn.org> wrote: > >> Delay is expensive for responders since it requires state. Steve's goal of making some tld strings flaky so as to encourage developers to avoid DNS for those names could be met statelessly. For example delegate them to localhost. >> >> On July 5, 2015 12:51:08 PM GMT+01:00, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote: >> On Sat, Jul 04, 2015 at 09:16:17AM -0700, >> Steve Crocker <steve@shinkuro.com> wrote >> a message of 21 lines which said: >> >> except for the additional load it places on the root servers, >> >> RFC 7535 could be a solution. >> >> I propose augmenting the DNS to include entries in the root that >> serve the purpose of giving slow NXDOMAIN responses instead of quick >> responses for those strings that the IETF has identified as not >> TLDs. >> >> If it is a serious proposal, I object. Delaying answers require >> keeping state in the authoritative name server and opens a nice DoS >> boulevard. >> >> >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop
- Re: [DNSOP] back to: Some distinctions and a requ… Hugo Maxwell Connery
- Re: [DNSOP] back to: Some distinctions and a requ… Edward Lewis
- Re: [DNSOP] back to: Some distinctions and a requ… Hugo Maxwell Connery
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] back to: Some distinctions and a requ… Hugo Maxwell Connery
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] back to: Some distinctions and a requ… Paul Vixie
- Re: [DNSOP] back to: Some distinctions and a requ… Edward Lewis
- Re: [DNSOP] back to: Some distinctions and a requ… Edward Lewis
- Re: [DNSOP] back to: Some distinctions and a requ… Mark Andrews
- Re: [DNSOP] back to: Some distinctions and a requ… Andrew Sullivan
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] back to: Some distinctions and a requ… Robert Edmonds
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] back to: Some distinctions and a requ… Robert Edmonds
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] back to: Some distinctions and a requ… Robert Edmonds
- Re: [DNSOP] back to: Some distinctions and a requ… manning
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… Warren Kumari
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… Patrik Fältström
- Re: [DNSOP] Some distinctions and a request - Hav… Hugo Maxwell Connery
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… joel jaeggli
- Re: [DNSOP] Some distinctions and a request - Hav… Suzanne Woolf
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… Warren Kumari
- Re: [DNSOP] Some distinctions and a request - Hav… Patrik Fältström
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… Paul Ferguson
- Re: [DNSOP] Some distinctions and a request - Hav… John Levine
- Re: [DNSOP] Some distinctions and a request - Hav… Patrik Fältström
- Re: [DNSOP] Some distinctions and a request - Hav… Patrik Fältström
- Re: [DNSOP] Some distinctions and a request - Hav… Steve Crocker
- Re: [DNSOP] Some distinctions and a request - Hav… Suzanne Woolf
- Re: [DNSOP] Some distinctions and a request - Hav… Patrik Fältström
- Re: [DNSOP] Some distinctions and a request - Hav… Andrew Sullivan
- [DNSOP] Top level names -- precision re categorie… Steve Crocker
- Re: [DNSOP] Some distinctions and a request - Hav… John R Levine
- Re: [DNSOP] Some distinctions and a request - Hav… Ray Bellis
- Re: [DNSOP] Some distinctions and a request - Hav… Stephane Bortzmeyer
- Re: [DNSOP] Some distinctions and a request - Hav… Steve Crocker
- Re: [DNSOP] Some distinctions and a request - Hav… P Vixie
- Re: [DNSOP] Some distinctions and a request - Hav… P Vixie
- Re: [DNSOP] Some distinctions and a request - Hav… Steve Crocker
- Re: [DNSOP] Some distinctions and a request - Hav… Stephane Bortzmeyer
- Re: [DNSOP] Some distinctions and a request - Hav… Andrew Sullivan
- Re: [DNSOP] Some distinctions and a request - Hav… Evan Hunt
- Re: [DNSOP] Some distinctions and a request - Hav… Ray Bellis
- Re: [DNSOP] Some distinctions and a request - Hav… Andrew Sullivan
- Re: [DNSOP] Some distinctions and a request - Hav… manning
- Re: [DNSOP] Some distinctions and a request - Hav… Evan Hunt
- Re: [DNSOP] Some distinctions and a request - Hav… Andrew Sullivan
- Re: [DNSOP] Top level names -- precision re categ… Jaap Akkerhuis
- Re: [DNSOP] Top level names -- precision re categ… Steve Crocker