RE: Bogon stupidity... warning... operational post.
On 12/22/05 1:35 PM, "Christopher L. Morrow" <christopher.morrow@mci.com> wrote:
On Thu, 22 Dec 2005, william(at)elan.net wrote:
On Thu, 22 Dec 2005, Robert Boyle wrote:
At 12:56 PM 12/22/2005, you wrote: P.S. 204/8 was not the only problem, there were problems
133/8 as well so my apologies to people who may have noticed problems overnight.
199.128.0.0/9 too.
Yes, legacy blocks (with large number of smaller allocations) whenever datasize during processing exceeded certain amount. The bad data was present at 2 of 4 servers for duration of the night but dns was being
so 50+% of your system was hozed for some long period of time :( bad.
changes same time as well, so I don't know how much affect
but apparently considerable; this is the most serious
with 128/8 and there was problem in months.
'most serious problem in months' ... this has happened in smaller chunks during the past 'months' ? yikes... is that noted on your site so users of the 'service' will know what sorts of 'problems' they might be encountering due to their reliance on this 'service'?
I wonder how many problems cymru has had in that period? I'm guess not so many...
I mean this in a nice way, really. Look. Smiley. :) Use a blacklist, pay the price. I'd like to know how many people actually went to their boss and said "It was that guy Williams fault even though I control and am responsible for the network.....!" -M<
On Thu, 22 Dec 2005, Hannigan, Martin wrote:
Date: Thu, 22 Dec 2005 14:05:25 -0500 From: "Hannigan, Martin" <hannigan@verisign.com> Subject: RE: Bogon stupidity... warning... operational post.
[ ... ] Use a blacklist, pay the price. I'd like to know how many people actually went to their boss and said "It was that guy Williams fault even though I control and am responsible for the network.....!"
"it was the risk we took when deploying the use of this DNSbl / BGP feed / Avian carrier service / whatever, because it would save us a lot of work, time and money compared to when we'd do it all by ourselves manually, eyeballing all the mailinglists etc.". I've seen small mishaps with a faulty configured dnsbl (abuseat.org != abusat.org). But those dnsbl's keep our mailload down and quite a large chunk of Spam out (which doesn't need to get spooled, transferred for Virus and Spam scanning, and then delivered into an IMAP mailbox on "expensive" RAID5, etc.). Give me more money and people, and I'll have a team dedicated to advancing those SpamAssassin rulesets every hour, have ten times as much storage at hand, and a whole army of people to handle all the complaints of people drowning in Spam... (I can dream, can I ? ;D)
-M<
Kind regards, JP Velders
participants (2)
-
Hannigan, Martin -
JP Velders