Judd writes:
Paul A Vixie wrote:
Yes, I do. I have no opinion on whether spammers should or should not be able to reach any given root name server, including "mine", but for the time being I lack the hardware needed to firewall f.root-servers.net differently than I do the rest of my network.
Perhaps someone else should be running f.root-servers.net then.
And the reason for that would be? It's not like failing to reach f.root-servers.net will deny service to anyone (you try g, h, a, b... if you can't get through). If this were more widely deployed to more of them that might be cause for some complaint by the spammers that they were being discriminated against. But one of the 15 or so being unavailable to... let's see, counting it up it looks like around 12 class C sized nets and 4 individual host machines is barely a statistical blip. In the worst case, DNS lookups at those sites take twice as long in 1 in 15 cases, and much less in practice if their lookup software has any brains and stops querrying roots it doesn't get responses from. On the other hand, not having a real root server at the site where the currently standard DNS software is being developed would have obvious disadvantages for everyone on the net, spammers included, as it would make the test/qualification/ bug resolution cycle much less coordinated. Please explain why this is in reality enough of a problem for anyone: spammers, the whole net, anyone... that it is worth further time on the list... -george william herbert gherbert@crl.com