Paul, How about just configuring your BIND to return errors when his queries against your server? He has got to be using you as either a primary or secondary name server. That would make everything on that machine suddenly come to a grinding halt as nothing would resolve anymore. I used to do that to customers who didn't turn off dynamic dns updates. It got their attention quick. -------------------------- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.2mbit.com ICQ: 8077511 ----- Original Message ----- From: "Paul Vixie" <vixie@vix.com> To: <nanog@merit.edu> Sent: Sunday, September 28, 2003 12:09 PM Subject: Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
Back in beta days, the official explanation given was that the DNS updating was a "value add" and that it would never be disabled as a default as a courtesy to corporate customers. Furthermore, MSFT folks have repeatedly said that the workaround is to simply configure your nameserver to silently ignore the error logs.
Well, I'm not going to disable that logging since it has been useful in signalling real attacks in the past. But the thing Microsoft needed to do with this was ensure that whoever is pirating my domain names on their home PCs get error message popups telling them to go to MSN and buy a real domain name. That is, they could be making money here rather than just giving my syslogd a headache. If MSFT would behave more
greedily
then their customer PCs would be contacting them rather than me, right? -- Paul Vixie