On 1 Apr 2007, Paul Vixie wrote:
ge@linuxbox.org (Gadi Evron) writes:
On Sun, 1 Apr 2007, Adrian Chadd wrote:
Stop trying to fix things in the core - it won't work, honest - and start trying to fix things closer to the edge where the actual problem is.
Thing is, the problem IS in the core.
nope. read what he wrote-- "it won't work, honest". the problem is on the front-end, an "edge", specifically in the way domain tasting works. does anyone really believe that there will ever again be a million domains added to the DNS in a 24-hour period? (of course not.) then why do verisign and the other TLD registries have to cope with many millions of updates per day? if we solve THAT problem, which is difficult and barely tractable, then the "dns core" will go on as before, working just fine all the while.
DNS is no longer just being abused, it is pretty much an abuse infrastructure.
do you mean DNS or do you mean every Internet technology including IP, UDP, TCP, ICMP, BGP, etc; plus most non-Internet-specific technologies including ASCII, Unicode, 32-bit, 64-bit, and binary?
"the internet, and technology in general, is no longer just being abused, it is pretty much an abuse infrastructure." <--- i'd agree with *that*. (but this is not the first time I've been irritated that I can't choose which other humans to share the galaxy with and which ones I'd like to kick out.)
I stand corrected, the Internet is obviously the problem and botnets are the very serious symptom, but consider: This is not a DNS server being abused, it is the infrastructure. The "network", centralized and de-centralized. So yes, DNS has become an infrastructure for abuse even if the Internet itself is not very safe.

Gadi.
-- Paul Vixie