At 07:48 PM 2/16/97 -0500, Avi Freedman wrote:
It seems to me, Jim, that a reasonable person would assume that he allows access to the services that it's supposed to provide (DNS), but reserves the right to 'F'ilter services that are immaterial to the DNS functionality.
I think actually the question that Jim was asking is whether Paul filters access to the root name server he runs based on his Spam Blacklist. It seems to be a valid question. Justin Newton Network Architect Erol's Internet Services
"Justin W. Newton" writes:
At 07:48 PM 2/16/97 -0500, Avi Freedman wrote:
It seems to me, Jim, that a reasonable person would assume that he allows access to the services that it's supposed to provide (DNS), but reserves the right to 'F'ilter services that are immaterial to the DNS functionality.
I think actually the question that Jim was asking is whether Paul filters access to the root name server he runs based on his Spam Blacklist.
No. The whole thing was started when Paul stated that he permitted a particular root name server to be pinged and tracerouted "against his better judgement", meaning he's pondered filtering particular classes of traffic. Perry
I think actually the question that Jim was asking is whether Paul filters access to the root name server he runs based on his Spam Blacklist. It seems to be a valid question.
Yes, I do. I have no opinion on whether spammers should or should not be able to reach any given root name server, including "mine", but for the time being I lack the hardware needed to firewall f.root-servers.net differently than I do the rest of my network.
I think actually the question that Jim was asking is whether Paul filters access to the root name server he runs based on his Spam Blacklist. It seems to be a valid question.
Paul wrote:
Yes, I do. I have no opinion on whether spammers should or should not be able to reach any given root name server, including "mine", but for the time being I lack the hardware needed to firewall f.root-servers.net differently than I do the rest of my network.
Uh, that is a serious issue. If you filter the root server that you run according to your "spam list", then you are not providing a public service on equal footing to all comers. I dislike spam and UCE as much as the next person, but I find this kind of policy statement and implementation abhorrent when you're talking about a *public* resource. If you wish to do that its fine with me, but then F.root-servers.net needs to be replaced by a machine which is not subject to these filters. Root servers aren't private things, expecially when you hold them out to the public... -- -- Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | 99 Analog numbers, 77 ISDN, Web servers $75/mo Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/ Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
On Tue, 18 Feb 1997, Paul A Vixie wrote:
Yes, I do. I have no opinion on whether spammers should or should not be able to reach any given root name server, including "mine", but for the time being I lack the hardware needed to firewall f.root-servers.net differently than I do the rest of my network.
Perhaps someone else should be running f.root-servers.net then. shag Judd Bourgeois PGP key ID 0xEDC21CA1 shagboy@world.std.com 25DDE4AF C5AFEF51 6905DC77 360F0387 To all my friends - It's not the end The earth has not swallowed me yet - 311, "Freak Out"
On Tue, 18 Feb 1997, Paul A Vixie wrote:
Yes, I do. I have no opinion on whether spammers should or should not be able to reach any given root name server, including "mine", but for the time being I lack the hardware needed to firewall f.root-servers.net differently than I do the rest of my network.
Perhaps someone else should be running f.root-servers.net then.
shag
I have no doubt we can get a community offering of an appropriate border router interface... Avi, being serious, not critical
"Racer X", nobody, using a std shell wrote:
Perhaps someone else should be running f.root-servers.net then.
Shhh. Adults are talking. Ehud
shag
Judd Bourgeois PGP key ID 0xEDC21CA1 shagboy@world.std.com 25DDE4AF C5AFEF51 6905DC77 360F0387 To all my friends - It's not the end The earth has not swallowed me yet - 311, "Freak Out"
Judd writes:
Paul A Vixie wrote:
Yes, I do. I have no opinion on whether spammers should or should not be able to reach any given root name server, including "mine", but for the time being I lack the hardware needed to firewall f.root-servers.net differently than I do the rest of my network.
Perhaps someone else should be running f.root-servers.net then.
And the reason for that would be? It's not like failing to reach f.root-servers.net will deny service to anyone (you try g, h, a, b... if you can't get through). If this were more widely deployed to more of them that might be cause for some complaint by the spammers that they were being discriminated against. But one of the 15 or so being unavailable to... let's see, counting it up it looks like around 12 class C sized nets and 4 individual host machines is barely a statistical blip. In the worst case, DNS lookups at those sites take twice as long in 1 in 15 cases, and much less in practice if their lookup software has any brains and stops querrying roots it doesn't get responses from. On the other hand, not having a real root server at the site where the currently standard DNS software is being developed would have obvious disadvantages for everyone on the net, spammers included, as it would make the test/qualification/ bug resolution cycle much less coordinated. Please explain why this is in reality enough of a problem for anyone: spammers, the whole net, anyone... that it is worth further time on the list... -george william herbert gherbert@crl.com
On Wed, 19 Feb 1997, George Herbert wrote:
It's not like failing to reach f.root-servers.net will deny service to anyone (you try g, h, a, b... if you can't get through). If this were more widely deployed to more of them that might be cause for some complaint by the spammers that they were being discriminated against. But one of the 15 or so being unavailable to... let's see, counting it up it looks like around 12 class C sized nets and 4 individual host machines is barely a statistical blip. In the worst case, DNS lookups at those sites take twice as long in 1 in 15 cases, and much less in practice if their lookup software has any brains and stops querrying roots it doesn't get responses from.
Sigh.. the point is that we have 9 (or so) root servers right now. All of those can be counted on to provide name service for anybody for anything, assuming of course that the network is okay. When someone starts blocking certain sites' access, then we basically have 8 servers. Sooner or later, someone else will decide to start blocking. Then we'll have 7. And so on, until everyone has to use different root servers. If you claim to be a root server with data for everyone, you should damn well provide that data to everyone. Otherwise, you have no right to pose as one of the root servers. shag Judd Bourgeois PGP key ID 0xEDC21CA1 shagboy@world.std.com 25DDE4AF C5AFEF51 6905DC77 360F0387 To all my friends - It's not the end The earth has not swallowed me yet - 311, "Freak Out"
Look, I think y'all are morons. 1) if someone floods Paul's network, does that not make the F root server unusuable to *everyone* ? why doesn't anyone pat him on the back for taking defensive measures to protect a public resource? Oh yeah, you know, your public library has locks on the doors, right? Oh shit, better go take the locks off, the books are public resources, everyone is supposed to have access! 2) the volume of networks that Paul blocks is SO DAMN TINY, I mean, it's infinitesimal, why are so many people wasting so much time making so much noise about it? shut up and get back to business. :p Ed -- On Thu, 20 Feb 1997, Racer X wrote:
If you claim to be a root server with data for everyone, you should damn well provide that data to everyone. Otherwise, you have no right to pose as one of the root servers.
shag
Judd Bourgeois PGP key ID 0xEDC21CA1 shagboy@world.std.com 25DDE4AF C5AFEF51 6905DC77 360F0387 To all my friends - It's not the end The earth has not swallowed me yet - 311, "Freak Out"
participants (9)
-
Avi Freedman
-
Edward Henigin
-
Ehud Gavron
-
George Herbert
-
Justin W. Newton
-
Karl Denninger
-
Paul A Vixie
-
Perry E. Metzger
-
Racer X