Kashpureff Black List (REALLY AN OPERATIONAL QUESTION)
would an anti-kashpureff bgp feed fix the dns pollution problems similar to the anti spam black list. If yes, is it collusion which would be prosecutable? If no, what are the TECHNICAL reasons it wouldn't work. Eric
On Wed, Jul 23, 1997 at 09:53:42AM -0400, Eric Germann wrote:
would an anti-kashpureff bgp feed fix the dns pollution problems similar to the anti spam black list. If yes, is it collusion which would be prosecutable? If no, what are the TECHNICAL reasons it wouldn't work.
Eric
No, because *ANY* nameserver which gets the pollution can then pollute you. Since you can't cut off EVERY nameserver with such a feed, it is pointless to attempt it. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | 99 Analog numbers, 77 ISDN, http://www.mcs.net/ Voice: [+1 312 803-MCS1 x219]| NOW Serving 56kbps DIGITAL on our analog lines! Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
Karl Denninger boldly claimed:
On Wed, Jul 23, 1997 at 09:53:42AM -0400, Eric Germann wrote:
would an anti-kashpureff bgp feed fix the dns pollution problems similar to the anti spam black list. If yes, is it collusion which would be prosecutable? If no, what are the TECHNICAL reasons it wouldn't work.
Eric
No, because *ANY* nameserver which gets the pollution can then pollute you.
Since you can't cut off EVERY nameserver with such a feed, it is pointless to attempt it.
Correct. The proper way to handle this is to install the latest bind (8.1.1) or 4.9.6 (but 8.1.1 is better :), and it will make it so folks can't inject bogon data into your nameservers. - jared -- ----------------- jared@puck.nether.net - Nether Network ------------------ For a good time, look at http://www.izzy.net/~janc/tour/ For a worse time, look at http://puck.nether.net/
participants (3)
-
Eric Germann
-
Jared Mauch
-
Karl Denninger