At 10:54 3/19/98 -0500, Eric Eden wrote:
Dalvenjah,
Thanks for your feedback. Network Solutions served over 35 million WHOIS queries in the month of January 1998. The average response time for our WHOIS service is less than 5 seconds per query.
Thank you for the statistics. Not sure of their applicability, but it's nice to know just how heavily used this database is. Hmmm...one would think that if it's that heavily hit, maybe there would be some interest in keeping it accurate, yes?
Please keep in mind that Network Solutions is not the registry for the .to domain. We recommend you contact the Tonic registry for information about .TO domain names. Their web site is www.tonic.to
And it's the Kingdom of Tonga's domain, for which Tonic is merely the Registry. However, the point has been completely missed here, Eric. The point Dal was making is that Perhaps.youwant.to FALSIFIED, LIED, FORGED, STOLE, MISAPPROPRIATED, and otherwise BS'd about their WhoIs entry: [No name] PERHAPS-HST Hostname: PERHAPS.YOUWANT.TO Address: 205.166.250.10 System: ? running ? Coordinator: HOST Networks-DNS Administration HNA-ORG hostmaster@HOST.NET 800-697-2437 Fax- 800-697-2437 Record last updated on 16-Mar-98. Database last updated on 20-Mar-98 04:11:54 EDT. [perhaps.youwant.to] Translated Name: perhaps.youwant.to IP Address: 207.89.50.3 Internet Gateway Connections (NETBLK-IGC-FL-BLK-1) 10011 Pines Boulevard - Suite 203 Pembroke Pines, Florida 33024 Netname: IGC-FL-BLK-1 Netblock: 207.89.0.0 - 207.89.127.255 Maintainer: IGCN Coordinator: Master, Host (HM511-ARIN) mike@WEB2000.NET 305-655-2955 (FAX) 305-652-5090 Domain System inverse mapping provided by: NS3.WEB2000.NET 207.89.0.10 NS4.WEB2000.NET 207.89.0.30 Record last updated on 17-Aug-96. Database last updated on 19-Mar-98 16:08:42 EDT. Traceroute confirms that youwant.to is hosted by Web2000.net. The WhoIs-listed IP is user.host.net, the machine on which Host.Net runs their webpage, FTP, et al. Not real likely they'd give that out for a hosted domain's IP. So....four days ago, youwant.to [side issue: Why does a machine, "perhaps", have a host entry in WhoIs, but the domain, "youwant.to" not?] updated their WhoIs record with a bunch of lies. THAT is the point, and the problem. What is NSI/InterNIC going to do about it, Eric?
Regards,
Eric Eden Senior Analyst Network Solutions, Inc. Phone: 703-925-6710 erice@internic.net
Spam: it's not just for breakfast anymore.... Dean Robb PC-Easy On-site computer services (757) 495-EASY [3279]
On Fri, Mar 20, 1998 at 01:45:56PM -0500, Dean Robb put this into my mailbox:
However, the point has been completely missed here, Eric. The point Dal was making is that Perhaps.youwant.to FALSIFIED, LIED, FORGED, STOLE, MISAPPROPRIATED, and otherwise BS'd about their WhoIs entry:
[...]
So....four days ago, youwant.to [side issue: Why does a machine, "perhaps", have a host entry in WhoIs, but the domain, "youwant.to" not?] updated their WhoIs record with a bunch of lies. THAT is the point, and the problem. What is NSI/InterNIC going to do about it, Eric?
I wish to point out that I know the owner of the 'youwant.to' domain; he had nothing to do with installing the WHOIS entry. Someone else evidently decided it would be a good idea to falsify an InterNIC host record (for god knows what reason) and submit it. youwant.to is a personal domain, not a haven for spammers or anything of the sort. My point in bringing this up was to show how someone can basically submit entirely bogus information to InterNIC, and they don't even have a simple sanity check such as an 'nslookup <addr>' to confirm that the IPs match. This should have at least triggered a flag and perhaps a mail to somebody. It didn't, and is now in WHOIS, and quite probably the root nameserver glue, as well. Woe betide my friend if he'd like to use that as a nameserver for a domain of his someday. -dalvenjah -- Dalvenjah FoxFire (aka Sven Nielsen) When news breaks...we fix it. Founder, the DALnet IRC Network e-mail: dalvenjah@dal.net WWW: http://www.dal.net/~dalvenjah/ whois: SN90 Try DALnet! http://www.dal.net/
However, the point has been completely missed here, Eric. The point Dal was making is that Perhaps.youwant.to FALSIFIED, LIED, FORGED, STOLE, MISAPPROPRIATED, and otherwise BS'd about their WhoIs entry:
I think the world is missing something (*). ".to" is the TLD registered to Tonga. They are doing a nice line in registering domain names thankyou. Internic/NSI's whois server is not authorative for them. You thus get the same result querying whois.internic.lnet as if you (say) query something in the UK domain. That is it returns the record if and only if a host entry has been registered. It happens that this domain has a host record different from the DNS record, along with about ten trillion other incorrect host records in the Internic database. This is easilly achieved by modifying your zonefile after the host entry has been registered. If I remember correctly there is a well known bug that no host entries are fully checked anyway, but this is by the by. So I don't quite know how this is an exploit. (*) = or I am. -- Alex Bligh GX Networks (formerly Xara Networks)
On Sat, 21 Mar 1998, Alex Bligh wrote:
However, the point has been completely missed here, Eric. The point Dal was making is that Perhaps.youwant.to FALSIFIED, LIED, FORGED, STOLE, MISAPPROPRIATED, and otherwise BS'd about their WhoIs entry:
I think the world is missing something (*). ".to" is the TLD registered to Tonga. They are doing a nice line in registering domain names thankyou. Internic/NSI's whois server is not authorative for them.
Let's delve into the technical a bit, shall we? Host records are in place so that authorization info can be associated with the hosts that are registered as nameservers for a domain. One would expect that a host registered with the Internic would at some point in time be listed as a nameserver on an Internic domain name registration. When a host is listed as a nameserver on an Internic domain name registration, e.g. example.com, it is listed in the Internic zone, i.e. .com, as a glue record. If your nameserver happens to resolve example.com it will also learn the addresses from the glue records, thus if at some later point in time one of your customers attempts to access perhaps.youwant.to your nameserver will deliver the address learned from the glue record and will not query the youwant.to domain nameserver. I don't know whether these people actually did hijack the address of perhaps.youwant.to or whether they were just preparing to do so. And I don't know whether more recent versions of BIND can ignore glue records which would mean that they only partially hijacked the host name. Of course the Internic web pages claim that a host record can only be changed by the technical contact of the domain in question. Since they have no record in their database of a technical contact for youwant.to the question is, why did they allow this info to be registered in the first place? -- Michael Dillon - Internet & ISP Consulting http://www.memra.com - E-mail: michael@memra.com
Michael,
I think the world is missing something (*). ".to" is the TLD registered to Tonga. They are doing a nice line in registering domain names thankyou. Internic/NSI's whois server is not authorative for them.
Let's delve into the technical a bit, shall we? Host records are in place so that authorization info can be associated with the hosts that are registered as nameservers for a domain. One would expect that a host
Well arguably to prime glue records is the main point, which I think you agree with below.
registered with the Internic would at some point in time be listed as a nameserver on an Internic domain name registration.
When a host is listed as a nameserver on an Internic domain name registration, e.g. example.com, it is listed in the Internic zone, i.e. .com, as a glue record. If your nameserver happens to resolve example.com it will also learn the addresses from the glue records, thus if at some later point in time one of your customers attempts to access perhaps.youwant.to your nameserver will deliver the address learned from the glue record and will not query the youwant.to domain nameserver.
Yes I am familiar with this, but...
I don't know whether these people actually did hijack the address of perhaps.youwant.to or whether they were just preparing to do so. And I don't know whether more recent versions of BIND can ignore glue records which would mean that they only partially hijacked the host name.
Of course the Internic web pages claim that a host record can only be changed by the technical contact of the domain in question. Since they have no record in their database of a technical contact for youwant.to the question is, why did they allow this info to be registered in the first place?
... all I was saying is there is an innocent explanation for this I think. Which is the domain owners got the original registration of the glue/host record in there (which is unnecessary as it's a glue for a domain not held at Internic - it should be a glue in .to or whatever), and this could get in there because the Internic's glue record checking is/has been broken for a long long while. They then changed their nameserver address. I believe this to be likely because I have empirical evidence. We did this foolishly a long while ago with the same result. I registered 2 domains, mydomain.co.uk and, later, mydomain.com; As I had ns.mydomain.co.uk already set up, foolishly I set it as the nameserver for mydomain.com. This is/was a bad bad thing to do as the code at the Internic barfed on this and said the namserver didn't exist (as it wasn't in an Internic domain). The fix was for them to insert what is now known as a host record. Which they did. Then we tried to change the IP address of ns.mydomain.co.uk. But, lo and behold, the old host record of course stayed there. In this instance we couldn't modify it even when we tried. Sigh... Substitute mydomain.co.uk for perhaps.youwant.to and the above seems remarkably similar. The only people doing DoS for mydomain.co.uk at the time with the Internic. It only took a few weeks to sort it out. You are correct that however that there are various sanity checks missing from the host record stuff that *might* be able to be used as DoS. Probably publishing them on NANOG is a bad plan. -- Alex Bligh GX Networks (formerly Xara Networks)
On Fri, 20 Mar 1998, Michael Dillon wrote:
I don't know whether these people actually did hijack the address of perhaps.youwant.to or whether they were just preparing to do so. And I don't know whether more recent versions of BIND can ignore glue records which would mean that they only partially hijacked the host name.
Maybe I missed this somewhere, but has anyone tried contacting the people listed as the contact of this host? I could be wrong, but I've seen mangled submissions before, including a host template sent in when the user meant to send in a domain template. -- _______________ Chris Josephes __/ MRNet \ chrisj@mr.net __/ 612.362.5896 \________________/
On Fri, Mar 20, 1998 at 06:02:31PM -0800, Michael Dillon wrote:
Of course the Internic web pages claim that a host record can only be changed by the technical contact of the domain in question. Since they have no record in their database of a technical contact for youwant.to the question is, why did they allow this info to be registered in the first place?
A better question is: can a host with a .to domain name server as anything other than a root server for a domain in .to? .to lookups to the root are supposed to refer to the root servers for .to, no? I shouldn't think that Internic ought to have _any_ bearing on stuff that happens in .to; just because the King and his minions are promoting themselves as "just like .com" does _not_ mean the mechanics work that way. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby, Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
It seems you upset that there is a foreign domain hosted in the US, and that there is a probably useless and incorrect host record in the whois database. There is nothing terribly wrong with this. You seem to be assuming that hosting a foreign-registered domain in the US is evidence of some kind of deception or conspiracy. I just don't see any. Indeed, I just registered youdontwant.to via the Tonic registry. No deception. Perhaps I'll track anti-spam terrorism on perhaps.youdontwant.to. ;-) ** Unfortunately, Tonic doesn't seem to have a whois server. In any case, Internic doesn't have anything to do with it. As Eric said, but you won't accept. Whois Host records are informational, until they are entered into a domain record. In a domain record, they give one a nice tool to update the nameservers of many hosted domains with only update. There isn't any way to check them on creation. You can only authenticate updates to the records. Given that ARIN runs a whois server and Tonic doesn't explains why there is a host record but not a domain record (except in DNS). Whois Host records only have effect once their handle is entered into the domain record. Updates to the host record are also usually authenticated in simple or sophisticated ways. But again, the domain record is owned by Tonic, not Internic, so complaints to Internic will not be useful, or effective. Tonic, incidentally, does appear to have working password authentication on its domain updates. Tonic assigns handles separately from Internic, so the existance of host record in another registry doen't mean it could be accidentaly put into the domain record. This host information may be in fact be wrong or just useless or just informational but whatever the case, it doesn't have any effect on anything. While a bogus host record could possibly be some foolish failed attempt at spoofing the domain, it could also (more likely) be the remnants of some past or future association. In this particular case, I'd bet that someone incorrectly added a host record to Internic, instead of Tonic, by simple mistake. The owner of the domain probably knows which. Its mere existance doesn't mean anything conspiratorial is going on. Perhaps a quiet message to the domain owner noting this looks a bit crufty might be nice. But there is nothing for either Internic or Nanog to do. If its conspiracy you are looking to expose, your time is probably better spent looking for the second iceberg that really sank the Titanic. While there are perhaps real complaints to be made about Internics authentication, this is not an example of one of them. --Dean ** (Seriously, I did mean to follow-up the anti-spam terrorism thread last week--If people email me privately, I will try to organize tracking of anti-spam criminal activities. I also want to organize a group of moderates to advocate rational laws regulating spam. Many of the people who are talking with legislators right now are radicals or just ignorant. We really need some moderates to get involved. As you can see, there are some very misguided people out there talking to even more ignorant people in the Press and in Legislative bodies.) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
At 16:08 3/20/98 -0500, Dean Anderson wrote: [snip]
You seem to be assuming that hosting a foreign-registered domain in the US is evidence of some kind of deception or conspiracy. I just don't see any. Indeed, I just registered youdontwant.to via the Tonic registry. No deception. Perhaps I'll track anti-spam terrorism on perhaps.youdontwant.to. ;-) ** Unfortunately, Tonic doesn't seem to have a whois server. In any case, Internic doesn't have anything to do with it. As Eric said, but you won't accept.
Try reading again. I have no problem, nor did I imply a problem, with foreign hosts having listings in InterNIC. The 'Net IS worldwide, after all. I cannot imagine where you get the idea that I "won't accept" this concept. And if you read Tonic's webpage, you'll see that there is a database at www.tonic.to/whois?xxxxxx.to (xxxx being the domain in question). Tonic's WhoIs doesn't provide a contact info, but it does provide server and IP info. Sorry, Dean...your anti-spammer bias seems to be coloring your comments. [snip comments based on erroneous premise of no WhoIs at Tonic]
existance of host record in another registry doen't mean it could be accidentaly put into the domain record. This host information may be in fact be wrong or just useless or just informational but whatever the case, it doesn't have any effect on anything.
Actually, you're quite wrong. SEVERAL RFCs require accurate information in the WhoIs database, NSI's Registration Agreement requires it and WhoIs is heavily used to contact domains/networks for various reasons (some quite important). The point and problem is that NSI (with this one, notable, exception) does nothing when presented evidence of falsified data in WhoIs. Now...what good is a database with known inaccuracies? As to verification, I can't think of an easy, effective way to verify the template information when presented for domain registration. However, when lies and false information in that registration is pointed out, NSI has an obligation to take action as provided for in the signed Registration Agreement.
While a bogus host record could possibly be some foolish failed attempt at spoofing the domain, it could also (more likely) be the remnants of some past or future association. In this particular case, I'd bet that someone incorrectly added a host record to Internic, instead of Tonic, by simple mistake. The owner of the domain probably knows which. Its mere existance doesn't mean anything conspiratorial is going on. Perhaps a quiet message to the domain owner noting this looks a bit crufty might be nice. But there is nothing for either Internic or Nanog to do. If its conspiracy you are looking to expose, your time is probably better spent looking for the second iceberg that really sank the Titanic.
Actually, there is strong evidence that a significant percentage of the incorrect information in WhoIs is there deliberately...inserted by net.abusers trying to avoid identification. There may be a large number of just plain errors, too...so why is nothing done to try to clean up the database? A nice quiet message to the person who registered MartianConsulate.com and listed a phone number of 555-1212 isn't likely to do much; nor will a polite email to the person who registered his contact info as "HeadHoncho@no.such.domain". THESE are the folks that need to be deleted. As for nothing InterNIC or NANOG can do: It is NSI's job to administer the database. Ensuring valid data is part of administration of a database. NANOG member interface and work with NSI daily...who better to help them get their act together? Or do you really want to be the one deluged with flamemail because some spammer listed your server as his?
** (Seriously, I did mean to follow-up the anti-spam terrorism thread last week--If people email me privately, I will try to organize tracking of anti-spam criminal activities. I also want to organize a group of moderates to advocate rational laws regulating spam. Many of the people who are talking with legislators right now are radicals or just ignorant. We really need some moderates to get involved. As you can see, there are some very misguided people out there talking to even more ignorant people in the Press and in Legislative bodies.)
Ah...now the agenda becomes more clear. Guess what? I'm an anti-spammer and have never hacked anything other than wood in my life. NANOG is definately inappropriate for us to discuss our differences in opinion, but you're webpage "Stupid Laws" section shows you to not believe that spam hurts anyone. Guess ACSI didn't really sue ConnectUp over spam; AOL, GTE and @Home didn't really have mail servers crash from spamloads; none of the backbones prohibit spam; RFC 1855 doesn't abjure the sending of unsolicited email; and there's no problem with spam. Maybe all those who don't like spam should just email you privately (at this or your dawg@world.std.com [you know, the one you send unsolicted commercial email aka spam from] address?)? Spam: it's not just for breakfast anymore.... Dean Robb PC-Easy On-site computer services (757) 495-EASY [3279]
At 9:50 PM -0500 3/20/98, Dean Robb wrote:
Try reading again. I have no problem, nor did I imply a problem, with foreign hosts having listings in InterNIC. The 'Net IS worldwide, after all. I cannot imagine where you get the idea that I "won't accept" this concept.
Oh. I see. You didn't write this:
Dean Robb: Traceroute confirms that youwant.to is hosted by Web2000.net. The WhoIs-listed IP is user.host.net, the machine on which Host.Net runs their webpage, FTP, et al. Not real likely they'd give that out for a hosted domain's IP.
Sounds pretty conspiratorial to me. It is indeed very "likely" that they'd give out a host record user.host.net for a hosted domain's IP. There is absolutely nothing wrong with that.
Dean Robb: So....four days ago, youwant.to [side issue: Why does a machine, "perhaps", have a host entry in WhoIs, but the domain, "youwant.to" not?] updated their WhoIs record with a bunch of lies. THAT is the point, and the problem. What is NSI/InterNIC going to do about it, Eric?
So your "side issue" above is completely untrustworthy. I admit, I just tried whois -h www.tonic.co. I should have looked at the web page. I am wrong about them not having a whois page. The correct answer, is that the Internic is not, can not, and will not do anything about it until they are asked by someone authoritative. And you aren't that. Look for conspiracies where you will.
Actually, there is strong evidence that a significant percentage of the incorrect information in WhoIs is there deliberately...inserted by net.abusers trying to avoid identification. There may be a large number of just plain errors, too...so why is nothing done to try to clean up the database?
I think that Internic gets paid. Thats pretty strong "correct" information. Anyway, there is not a real database on the planet that has entirely correct information. In this case, the incorrectness of the information is trivial, and has no effect on anything. No one can hijack a domain from another registry this way.
As for nothing InterNIC or NANOG can do: It is NSI's job to administer the database.
Several people have said this. I've said it several times: Its Tonic's database, not Internics. Being such a simple concept, nothing more really needs to be said. Second, and several people have also confirmed this as well, the incorrect host record may be just innocently incorrect. It's not your concern. Its not nanogs concern. In fact, Internic can't tell whether the real owner of perhaps.youwant.to owns that ip address or not. If they don't own it, they can complain to Internic about it. But you can't. It doesn't belong to you. There is no conspiracy to conceal information. There is no conspiracy by Internic to enable hijacking domains and populate their database with incorrect information.
Maybe all those who don't like spam should just email you privately (at this or your dawg@world.std.com [you know, the one you send unsolicted commercial email aka spam from] address?)?
This is a good example of anti-spammer terrorism. Mr. Robb here appears to encourage annoying or hate mails to a private account, and slander me with hate mail. I rarely send mail from that account, and never publicly. It must have taken some research for Mr. Robb to find that address. This, in fact, is inappropriate behavior. I have to question whether its appropriate for Mr. Robb to be on the Nanog list. I have had my World account for 7 years. Barry Shein (owner of world) is probably one of the most vehement and active anti-spam activists there are. I think he reads this list, and I hope he will attest that I have never sent spam from his system. Fortunately, Barry can distinguish political activism from terrorism. Indeed, he is one of the innocent victims of anti-spammer terrorism. He has suffered through bonafide denial of service attacks, unable to get the FBI's attention, because they seem to involve spam, and 99% of all spam complaints are frivolous --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Eric Eden, Internic: In this case we removed the host and notified the contact of the host because it is not currently serving any domain names or networks in our database. [Not because there was anything "false" about it. It is still served up by Tonic]
Dean Robb: Most excellent. Now, what would you have done if it was Dirtbag.com that had provided the false information?
I have to question why people intentionally supply false information. Perhaps to avoid harassment from radical and misguided people? I have to presume in this case that Mr. Robb considers himself the sole judge of appropriateness of the entity. Given that youwant.to was perfectly legit, except for some cruftiness, I don't think we can really trust his judgement on such matters. This brings up an issue with whois databases that is relevant to nanog: Who should have access to whois contact information and its misuse. Perhaps we need to have a way to authenticate and limit who can get phone numbers and email addresses from the whois database, in order to prevent the kind of harassment and abuse apparently exercised by Mr. Robb. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I think that this is a really important issue. Thanks for bringing it up.
Who should have access to whois contact information and its misuse.
I put my data in there for use by folk with net ops problems. My understanding is this is the purpose for which whois data have always been given. randy
On Sat, Mar 21, 1998 at 02:18:43PM -0800, Randy Bush wrote:
I think that this is a really important issue. Thanks for bringing it up.
Who should have access to whois contact information and its misuse.
I put my data in there for use by folk with net ops problems. My understanding is this is the purpose for which whois data have always been given.
randy
I don't see how you can possibly cut this off. I hate the people who abuse this data too. One way to cut it down is to accept only direct matches (ie: no more "wildcarding"). This also makes the database search engine incredibly simple and fast, as opposed to complicated and slow. Finally, it probably solves 90% of the abuse issues. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV | NEW! Corporate ISDN Prices dropped by up to 50%! Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost
At 14:18 3/21/98 -0800, Randy Bush wrote:
I think that this is a really important issue. Thanks for bringing it up.
Who should have access to whois contact information and its misuse.
I put my data in there for use by folk with net ops problems. My understanding is this is the purpose for which whois data have always been given.
Correct. The stated purpose of WhoIs (in all it's guises) is to provide contact information for a domain. This information is supposed to be publicly available to provide a way for a user or other sysadmin to contact the domain owner/technical people. Thus, if you have a misconfigured mail server that's bouncing all "postmaster" mail, I can email your tech or zone contact to let them know, or place a phone call, or whatever. That's why several RFCs require correct contact data to be in WhoIs. The misuse aspect has come about because spammers (primarily) have bots that will harvest all the addresses in WhoIs and send them their drivel. Many people, because of this abuse, want to NOT have their email address listed in WhoIs...but that defeats the good purpose of the database. Probably the best way to handle this right now is to use a role account in the registration and put spam filters on that account. It's important to read mail to that account, though, because in the trash could easily be something important. So far, MOST (but not all) of those (that I've seen) arguing vehemently for complete anonymity in WhoIs and/or having no valid contact data are those persons trying to hide their identity because they are engaging in Net abuse of one form or another. There are a few, though, that are just privacy fanatics with no special agenda. Spam: it's not just for breakfast anymore.... Dean Robb PC-Easy On-site computer services (757) 495-EASY [3279]
Dean Robb writes:
The misuse aspect has come about because spammers (primarily) have bots that will harvest all the addresses in WhoIs and send them their drivel.
Contact handles are predictable. All you need to do in a bot is try all the permutations of 2 or 3 letters, with or without -ORG at the end, and increment numbers until nothing is found. That will get you perhaps 99% of the handles. Handles should instead be generated in an unpredictable way, such as MD5. -- Phil Howard | stop3it8@s9p1a4m9.net suck7it4@dumb4ads.com blow2me7@spammer7.com phil | blow7me9@dumbads1.com eat0this@s4p2a4m7.com crash760@dumbads9.org at | no1spam5@no34ads2.edu end2it40@s3p5a8m6.edu eat4this@noplace7.org milepost | suck9it9@no5where.com stop8it5@spammer1.org w7x7y8z3@s2p8a7m3.com dot | blow8me3@noplace5.org no46ads3@no99ads7.org suck0it3@no23ads5.edu com | no46ads7@no9place.net w9x2y9z5@anywhere.com eat1this@noplace7.org
On Sat, Mar 21, 1998 at 09:25:02PM -0500, Dean Robb wrote:
So far, MOST (but not all) of those (that I've seen) arguing vehemently for complete anonymity in WhoIs and/or having no valid contact data are those persons trying to hide their identity because they are engaging in Net abuse of one form or another. There are a few, though, that are just privacy fanatics with no special agenda.
I'll note here, (being the smut monger that I am :-) that several of the "live-cam" site operators, the JenniCam, for example, have whois information that is _useful_, but might be accused of being "misleading" for good reasons which I ought not have to explain. On the net, no one knows where you live. Cheers, -- jr 'unless you put your ICBM address in your sig' a -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby, Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
At 16:24 3/21/98 -0500, you wrote:
Eric Eden, Internic: In this case we removed the host and notified the contact of the host because it is not currently serving any domain names or networks in our database.
[Not because there was anything "false" about it. It is still served up by Tonic]
*Sigh*. The host at InterNIC was registered with a false IP address and a false DNS provider. The Tonic entry was correct. How hard is this to understand?
Dean Robb: Most excellent. Now, what would you have done if it was Dirtbag.com that had provided the false information?
I have to question why people intentionally supply false information. Perhaps to avoid harassment from radical and misguided people? I have to presume in this case that Mr. Robb considers himself the sole judge of appropriateness of the entity. Given that youwant.to was perfectly legit, except for some cruftiness, I don't think we can really trust his judgement on such matters.
1. Fortunately, no one is asking you to trust my judgement. Not, of course, that yours is provably better since you provably don't know what you're talking about. 2. I do not consider myself sole judge of anything (except my behavior and [temporarily] that of my infant son. I point you to RFCs 2050, 1032, 1033, 920, 1173 and 1174 (that I know of offhand) that require current and correct NIC and WhoIs information from the registrant/owner of a domain. I quote in whole 2 paragraphs from the current NSI Registration Agreement: K. Warranty. Registrant warrants by submitting this Registration Agreement that, to the best of Registrant's knowledge and belief, the information submitted herein is true and correct, and that any future changes to this information will be provided to NSI in a timely manner according to the domain name modification procedures in place at that time. Breach of this warranty will constitute a material breach. L. Revocation. Registrant agrees that NSI may delete a Registrant's domain name if this Registration Agreement, or subsequent modification(s) thereto, contains false or misleading information, or conceals or omits any information NSI would likely consider material to its decision to approve this Registration Agreement. So you see, it's not ME being a judge, it's following the rules of the Internet and InterNIC. Really, you should be more familiar with the RFCs and InterNIC guidelines if you run an ISP and consult. It helps to know the material you're consulting about.
This brings up an issue with whois databases that is relevant to nanog: Who should have access to whois contact information and its misuse.
A valid point of discussion. Be sure to include the members of the IS, IETF, et al that made that provision part of the Internet Standards RFCs.
Perhaps we need to have a way to authenticate and limit who can get phone numbers and email addresses from the whois database, in order to prevent the kind of harassment and abuse apparently exercised by Mr. Robb.
Ah, now we see a slanderous comment! Prove I have engaged in any form of harassment or abuse, sir. Otherwise, we can only conclude that you are a fool, and a liar, and an "anti-anti-spammer terrorist". Welcome to ad hominem. There is a reasonable debate that can be held regarding privacy issues and directory services. There are a couple of RFCs (whose numbers I don't have at hand) on this issue. I'll not respond to Mr. Anderson on the matter though...he hurt my feewings. Spam: it's not just for breakfast anymore.... Dean Robb PC-Easy On-site computer services (757) 495-EASY [3279]
On Sat, 21 Mar 1998, Dean Anderson wrote:
Perhaps we need to have a way to authenticate and limit who can get phone numbers and email addresses from the whois database, in order to prevent the kind of harassment and abuse apparently exercised by Mr. Robb.
If you don't send or sponsor unsolicited commercial email or websites for them, then what are you afraid of? Providers who act responsibly on complaints of theft of electronic services (unsolicited commercial email) by dropping email accounts and/or websites don't appear to get "this kind of harassment" - It is usually reserved for those rogue ISP's who refuse to act upon complaints and continue to do business with spammer-thiefs. Since you claim to be a "responsible" ISP this shouldn't be a problem for you. You HAVE been a responsible ISP, haven't you? Or do you knowlingly sponsor websites for spammers or send out spam yourself? Methinks he doth protesteth too much. - James D. Wilson netsurf@sersol.com
At 10:15 PM -0500 3/22/98, NetSurfer wrote:
On Sat, 21 Mar 1998, Dean Anderson wrote:
Perhaps we need to have a way to authenticate and limit who can get phone numbers and email addresses from the whois database, in order to prevent the kind of harassment and abuse apparently exercised by Mr. Robb.
If you don't send or sponsor unsolicited commercial email or websites for them, then what are you afraid of? Providers who act responsibly on complaints of theft of electronic services (unsolicited commercial email) by dropping email accounts and/or websites don't appear to get "this kind of harassment" - It is usually reserved for those rogue ISP's who refuse to act upon complaints and continue to do business with spammer-thiefs.
Ah. Only girls with lowcut blouses and short skirts are raped. Since I don't wear lowcut blouses or short skirts, I have nothing to worry about, and shouldn't be concerned. Rape is OK, since it only happens to the sleazy girls. Uh Huh. When can I screw the interns? Say, you aren't hosting any porn or uncensored webcams are you? Boy, I think they're sick. Lets make sure we disconnect the entire lot, and any ISP/NSP who refuses to cooperate we'll just DoS them until they are pounded to dirt, like AGIS. Hey look, I think they are irresponsible. I'm justified in harassing them and publishing false routes etc. Right? I expect some kind of gaussian distribution of harassment develops where everyone gets harassed by some lunatic, and can't do anything about it. Eventually, somebody mails a bomb. To me? To you? To some kid in Vermont? You're smarter than that. I think. Besides, I react badly to coercion. So do most people. Thats why we need laws. Sensible ones at that. Anyway, I don't think it is just spammers. NOC's don't put terribly good information in whois because general public lusers will call them, instead of the help desk. Most companies don't list off-hours numbers. etc.
Since you claim to be a "responsible" ISP this shouldn't be a problem for you. You HAVE been a responsible ISP, haven't you? Or do you knowlingly sponsor websites for spammers or send out spam yourself?
Actually, unlike some who claim to be anti-spam, and then secretly host spammers, hoping no one will find out, I don't have any spam customers. And I don't have any customers who resell services. We aren't very big. But neither will I filter, if we ever have ISP customers whose customers send spam.
Methinks he doth protesteth too much.
I don't think I protest enough. Spam actually runs only 2% of email volume. Now, does anyone know how much of the total traffic is SMTP? These alleged great pains caused by spam are, after 9 months of study and record keeping, truly smoke. Buy some hardware. Find some people to run it. On the other hand, maybe I have been a bit hasty, and haven't considered every option. Vix, will you put porn sites into the RBL? I'll tell you what, if you put any site I and a few others think is immoral into the RBL, I will drop my opposition and join the ranks of the antispammers, (whom we will also rename the moral majority, since Falwell abandoned that name) Also, we will have to get rid of all the sex groups on usenet, by not transmitting them on news servers, and pointing cancel bots at the groups. I'll even take the RBL myself, and I'll try to get others to, as well. I will be as vocal and active in your support as I am in opposition. More so. If the anti-spammers do this, I'm a convert. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
On 03/22/98, Dean Anderson <dean@av8.com> wrote:
If the anti-spammers do this, I'm a convert.
There is no organized group of anti-spammers. There are a number of small, semi-organized groups which promote their own methods; these include the RBL volunteers, CAUCE, SPUTUM, and others. Sometimes the groups agree, sometimes they don't. All of them get mail from people who, like you, seem to think that any type of organized spam protection is censorship. Perhaps you should form a coalition of anti-anti-spammers; it might help you refine your arguments. They need a lot of work. -- J.D. Falk <jdfalk@vix.com> (Speaking only for myself. You knew that already.)
On Sun, 22 Mar 1998, Dean Anderson wrote:
Ah. Only girls with lowcut blouses and short skirts are raped. Since I don't wear lowcut blouses or short skirts, I have nothing to worry about, and shouldn't be concerned. Rape is OK, since it only happens to the sleazy girls. Uh Huh. When can I screw the interns? Say, you aren't hosting any porn or uncensored webcams are you? Boy, I think they're sick. Lets make sure we disconnect the entire lot, and any ISP/NSP who refuses to cooperate we'll just DoS them until they are pounded to dirt, like AGIS. Hey look, I think they are irresponsible. I'm justified in harassing them and publishing false routes etc. Right?
I expect some kind of gaussian distribution of harassment develops where everyone gets harassed by some lunatic, and can't do anything about it. Eventually, somebody mails a bomb. To me? To you? To some kid in Vermont? You're smarter than that. I think. Besides, I react badly to coercion. So do most people. Thats why we need laws. Sensible ones at that.
What type of crack are you on Dean? Your analogy is a mockery of the whole discussion <if there still needs to be one>. It's more akin to your dog deficating on your neighbors lawn - it IS your neighbors lawn and it IS your dog - 1st time comes the obligatory phone call "is this your sh*t" but you deal with it, 2nd comes the shout over the fence "clean up your sh*t" - but YOU still have to deal with it, FINALLY you pick up the object and hurl it over the fence to your neighbor's picture window screaming "EAT SH*T" - the only positive thing about the whole experience is that you really learn that it's better to know your sh*t. Whose responsibility is YOUR dog - and if you don't curb your dog, and I have to, I will definately make sure you do not enjoy and want to avoid the experience in the future. As far as rape - you need to switch groups - the binaries are killin you - try alt.binaries.pictures.erotica.midgets for a little relief
Anyway, I don't think it is just spammers. NOC's don't put terribly good information in whois because general public lusers will call them, instead of the help desk. Most companies don't list off-hours numbers. etc.
Since you claim to be a "responsible" ISP this shouldn't be a problem for you. You HAVE been a responsible ISP, haven't you? Or do you knowlingly sponsor websites for spammers or send out spam yourself?
Actually, unlike some who claim to be anti-spam, and then secretly host spammers, hoping no one will find out, I don't have any spam customers. And I don't have any customers who resell services. We aren't very big. But neither will I filter, if we ever have ISP customers whose customers send spam.
Methinks he doth protesteth too much.
I don't think I protest enough. Spam actually runs only 2% of email volume. Now, does anyone know how much of the total traffic is SMTP? These alleged great pains caused by spam are, after 9 months of study and record keeping, truly smoke. Buy some hardware. Find some people to run it.
On the other hand, maybe I have been a bit hasty, and haven't considered every option. Vix, will you put porn sites into the RBL? I'll tell you what, if you put any site I and a few others think is immoral into the RBL, I will drop my opposition and join the ranks of the antispammers, (whom we will also rename the moral majority, since Falwell abandoned that name) Also, we will have to get rid of all the sex groups on usenet, by not transmitting them on news servers, and pointing cancel bots at the groups. I'll even take the RBL myself, and I'll try to get others to, as well. I will be as vocal and active in your support as I am in opposition. More so.
If the anti-spammers do this, I'm a convert.
--Dean
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- I am nothing if not net-Q! - ras@poppa.clubrich.tiac.net
At 15:41 3/21/98 -0500, you wrote:
Try reading again. I have no problem, nor did I imply a problem, with foreign hosts having listings in InterNIC. The 'Net IS worldwide, after all. I cannot imagine where you get the idea that I "won't accept" this concept.
Oh. I see. You didn't write this:
Dean Robb: Traceroute confirms that youwant.to is hosted by Web2000.net. The WhoIs-listed IP is user.host.net, the machine on which Host.Net runs their webpage, FTP, et al. Not real likely they'd give that out for a hosted domain's IP.
Sounds pretty conspiratorial to me. It is indeed very "likely" that they'd give out a host record user.host.net for a hosted domain's IP. There is absolutely nothing wrong with that.
1. Your interpretation of "conspiratorial" is completely outside the realm of your initial statement that I had a problem with foreign hosts in InterNIC. The words you quoted also don't support your opening assertion. Please look up "relevant" in the dictionary. 2. Conspiracy requires two or more persons to engage in an activity together. My point was that the person who registered youwant.to lied to InterNIC. One person cannot be a conspiracy. Please look up "conspiracy" in the dictionary. 3. Do you register domains you host as domain.av8.com? If so, please go re-read the RFCs to see how to properly list a hosted domain. The registration was not that of a proper domain, nor is it hosted by Host.net as the registration claimed.
Dean Robb: So....four days ago, youwant.to [side issue: Why does a machine, "perhaps", have a host entry in WhoIs, but the domain, "youwant.to" not?] updated their WhoIs record with a bunch of lies. THAT is the point, and the problem. What is NSI/InterNIC going to do about it, Eric?
So your "side issue" above is completely untrustworthy. I admit, I just tried whois -h www.tonic.co. I should have looked at the web page. I am wrong about them not having a whois page.
1. Untrustworthy? Somehow, I don't think that's the word you were looking for. Sadly, there's no way to know what word you were looking for as the point was that the registration was in the standard form for a machine name, not a domain name and you didn't dispute that.
The correct answer, is that the Internic is not, can not, and will not do anything about it until they are asked by someone authoritative. And you aren't that. Look for conspiracies where you will.
1. Please, Oliver Stone, Jr....quit talking of conspiracies. The only conspiracy around here is your determination to use the word as often as possible. InterNIC...and any other registry or network operator...should investigate ANY report of a problem. There is no RFC, statutory nor intelligent reason that the reporter need be "someone authoritative". 2. Assuming that for some reason unknown, a reporter of a problem must be "authoritative"...who would qualify? A system administrator? A sysadmin with over 100 systems? CEO of an ISP? 3. You know nothing of my qualifications, job or anything else. How do you know I'm *not* authoritative? 4. In fact, InterNIC DID remove the domain. Apparently, someone hijacked the name when he registered with InterNIC from the REAL youwant.to owner for reasons unknown. Apparently, NSI doesn't agree with your stance.
net.abusers trying to avoid identification. There may be a large number of just plain errors, too...so why is nothing done to try to clean up the database?
I think that Internic gets paid. Thats pretty strong "correct" information. Anyway, there is not a real database on the planet that has entirely correct information. In this case, the incorrectness of the information is trivial, and has no effect on anything. No one can hijack a domain from another registry this way.
1. How does "paid" equal "correct information"? That's probably the most illogical, of many, thing you've said. 2. Do you assert that because no database has entirely correct information that no effort should be made to clean up the WhoIs database? 3. In this case, it is a fairly minor issue. However, it exemplifies a major problem: false information in InterNIC registrations that NSI refuses to do anything about. I note that you fail to address that issue...the whole point...the problem...in any manner whatsoever.
As for nothing InterNIC or NANOG can do: It is NSI's job to administer the database.
Several people have said this. I've said it several times: Its Tonic's database, not Internics. Being such a simple concept, nothing more really needs to be said.
1. Please...try to keep up here. The false information is in WhoIs, the InterNIC database administered by Network Solutions, Inc, found at http://rs.internic.net/cgi-bin/whois. Being such a simple concept, surely you can understand that.
Second, and several people have also confirmed this as well, the incorrect host record may be just innocently incorrect. It's not your concern. Its not nanogs concern. In fact, Internic can't tell whether the real owner of perhaps.youwant.to owns that ip address or not. If they don't own it, they can complain to Internic about it. But you can't. It doesn't belong to you.
1. Of course it's perfectly innocent! The registrant accidently typed in the correct IP of another network, one that he is *not* hosted on, along with it's name. Perfectly understandable accident. 2. I'll type it slowly: if the domain is not at the IP address listed, and if it's not hosted by the listed DNS servers, then it's a pretty safe bet that they don't own the listed IP. 3. Ah, I see. Using your logic, then, only a police officer should report a crime; only a firefighter should own a fire extinguisher; only a domain owner should talk to InterNIC. Really, Dean...http://ds.internic.net/ds/dspg1intdoc.html. For someone so gung-ho on the rights of people, you sure seem convinced that I don't have a right to complain.
There is no conspiracy to conceal information. There is no conspiracy by Internic to enable hijacking domains and populate their database with incorrect information.
Whoever said there was? Large numbers of net abusers (including [gasp!] spammers) falsify their registrations. InterNIC isn't part of any conspiracy, they just don't enforce their contract nor do they properly administer their database. What is your fascination with conspiracies?
This is a good example of anti-spammer terrorism. Mr. Robb here appears to encourage annoying or hate mails to a private account, and slander me with hate mail. I rarely send mail from that account, and never publicly. It must have taken some research for Mr. Robb to find that address. This, in fact, is inappropriate behavior.
Ah, a fine example of how anyone who doesn't agree with you is an "anti-spammer terrorist". I'm merely trying to clarify at which of your public addresses you want people to contact you. Please, do tame that jerking knee. No one said "slander", "flame" or anything else. As for the "research", YOU ARE AN IDIOT AND A LIAR. The "research" I did? I visited your website: http://www.av8.com. I visited a page on your website: http://www.av8.com/H.4581/how.html. I read a sentence near the bottom of the page: "I began my consulting service using an account on "world.std.com", which I still have (I'm dawg@world.std.com). I sent out email to customers, and potential customers of my services." By your own admission, you send unsolicited commercial email from that account. Since you elsewhere indicate that address harvesting is appropriate behavior, then what have I done wrong?
I have to question whether its appropriate for Mr. Robb to be on the Nanog list.
Sorry. You don't own the list, you can't complain. Your logic, sir...and your petard. [snip]
Indeed, he is one of the innocent victims of anti-spammer terrorism. He has suffered through bonafide denial of service attacks, unable to get the FBI's attention, because they seem to involve spam, and 99% of all spam complaints are frivolous
Now, provide some real facts, please. Where do you get your percentages? What qualifies a complaint as "frivolous"? Explain why Mr. Shein was unable to pick up the phone and call the FBI. Your assertion is also illogical...if Mr. Shein was an innocent victim, why is he an active anti-spam activist (oh, redundancy!). My dear Mr. Anderson...you have an axe to grind, and fact/reality won't sway you. You also can't argue logically, as the above proves. Since you have proven yourself a fool, and I have no time for fools, I'll not respond to any further silly things you want to say. The questions posed are rhetorical, left as an exercise for the reader in determining the validity of your statements. Spam: it's not just for breakfast anymore.... Dean Robb PC-Easy On-site computer services (757) 495-EASY [3279]
On Sat, Mar 21, 1998 at 08:46:38PM -0500, Dean Robb wrote:
My dear Mr. Anderson...you have an axe to grind, and fact/reality won't sway you. You also can't argue logically, as the above proves. Since you have proven yourself a fool, and I have no time for fools, I'll not respond to any further silly things you want to say. The questions posed are rhetorical, left as an exercise for the reader in determining the validity of your statements.
Round one to Robb, on a TKO. Let's not have a round two, ok, gentlemen? Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby, Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
At 13:22 3/22/98 -0500, Jay R. Ashworth wrote:
On Sat, Mar 21, 1998 at 08:46:38PM -0500, Dean Robb wrote:
My dear Mr. Anderson...you have an axe to grind, and fact/reality won't sway you. You also can't argue logically, as the above proves. Since you have proven yourself a fool, and I have no time for fools, I'll not respond to any further silly things you want to say. The questions posed are rhetorical, left as an exercise for the reader in determining the validity of your statements.
Round one to Robb, on a TKO.
Let's not have a round two, ok, gentlemen?
Having once again proved that you cannot underestimate the power of human stupidity, I store my gloves. I like *intelligent* discourse, not discombubulated ramblings. Spam: it's not just for breakfast anymore.... Dean Robb PC-Easy On-site computer services (757) 495-EASY [3279]
On Sun, Mar 22, 1998 at 03:06:52PM -0500, Dean Robb wrote:
Let's not have a round two, ok, gentlemen?
Having once again proved that you cannot underestimate the power of human stupidity, I store my gloves. I like *intelligent* discourse, not discombubulated ramblings.
Hey, Dean! You misspelled "discombobulated". Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby, Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
At 15:17 3/22/98 -0500, Jay R. Ashworth wrote:
On Sun, Mar 22, 1998 at 03:06:52PM -0500, Dean Robb wrote:
Let's not have a round two, ok, gentlemen?
Having once again proved that you cannot underestimate the power of human stupidity, I store my gloves. I like *intelligent* discourse, not discombubulated ramblings.
Hey, Dean!
You misspelled "discombobulated".
No I didn't....that's how we spelled it back in Arkansaw....insert "bub" anywhere possible :) Given the subject in question, it probably should have been "discom-boob-ulated"...:> Spam: it's not just for breakfast anymore.... Dean Robb PC-Easy On-site computer services (757) 495-EASY [3279]
At 1:22 PM -0500 3/22/98, Jay R. Ashworth wrote:
On Sat, Mar 21, 1998 at 08:46:38PM -0500, Dean Robb wrote:
My dear Mr. Anderson...you have an axe to grind, and fact/reality won't sway you. You also can't argue logically, as the above proves. Since you have proven yourself a fool, and I have no time for fools, I'll not respond to any further silly things you want to say. The questions posed are rhetorical, left as an exercise for the reader in determining the validity of your statements.
Round one to Robb, on a TKO.
I concede that I have been outdone by Professor Robb. I am unable to comprehend his logic, and my mail spool isn't large enough to contain his rambling tirades. I would respond point by insensible point to his mail, but I have limited time. Dr Robb (aka God) has the amazing ability to detect incorrect host records from his planet by psychic intuition, and doesn't need to go through the tedium of actually checking with people who are authoritative for a domain or IP, like the rest of us, since he is authoritative. This is not something to be wasted or trifled with. Indeed, one must demand that Internic immediately delete the offending record, and then notify the contacts. In retrospect, I can see that simply sending mail to contacts at host.net and youwant.to is a waste of time for someone who is authoritative. I apologize for not realizing this sooner. He is also right that the only explanation is that someone was out to hijack perhaps.youwant.to. using a newly discovered technique of adding host records to another registry. Previously, DNS experts thought that this would have no effect, and was therefore on the same level as harmless cruft. The fact that youwant.to did not actually appear to be effectively hijacked was part of the clever disguise of the crime. I must admit I did not have the intellect to see through this deception. I am very grateful to Dr. Robb for setting me straight. Also quite clearly, there is absolutely no way this could have been done accidentally. I don't know what I was thinking when I thought it might be possible that host.net just cut the wrong information into one of their own host records. Luckily, we were saved by Professor Robbs fast action and harsh words, in spite of ourselves. I don't know how we can thank him. We should do something since he says he has no time for himself. (Selfless too!) Perhaps we could give him his own Nic contact handle, so he can register his own domain and host records. Or at least so the Internic can more quickly and efficiently implement his pronouncements on incorrect registration information. Also, why don't we just have the various registries get Dean Robb to approve any changes to the database? This would save tremendous effort. --Dean P.S. For a while, I was somewhat alarmed by the prospect of an angry nutcase, but I am now persuaded that Dean Robb is in fact harmless. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
On Sun, Mar 22, 1998 at 07:10:46PM -0500, Dean Anderson wrote:
At 1:22 PM -0500 3/22/98, Jay R. Ashworth wrote:
Round one to Robb, on a TKO.
I concede that I have been outdone by Professor Robb. I am unable to comprehend his logic, and my mail spool isn't large enough to contain his rambling tirades. I would respond point by insensible point to his mail, but I have limited time.
Dr Robb (aka God) has the amazing ability to detect incorrect host records from his planet by psychic intuition, and doesn't need to go through the tedium of actually checking with people who are authoritative for a domain or IP, like the rest of us, since he is authoritative. This is not something to be wasted or trifled with. Indeed, one must demand that Internic immediately delete the offending record, and then notify the contacts. In retrospect, I can see that simply sending mail to contacts at host.net and youwant.to is a waste of time for someone who is authoritative. I apologize for not realizing this sooner.
<sigh> Dean, Dean... and I had such high hopes for you. His assertion, that the interNIC ought to follow it's own published procedures and follow up on reports of bogus data, attempting correction, and in extremis, deleting such records, seems to stand on it's own. It's also apparent from others' comments that they do not, which does not surprise me at all, given _my_ past experiences with the InterNIC. Have A Nice Day, Dean. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby, Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
Can we put this to rest. TIA On Sun, 22 Mar 1998, Jay R. Ashworth wrote:
On Sun, Mar 22, 1998 at 07:10:46PM -0500, Dean Anderson wrote:
At 1:22 PM -0500 3/22/98, Jay R. Ashworth wrote:
Round one to Robb, on a TKO.
I concede that I have been outdone by Professor Robb. I am unable to comprehend his logic, and my mail spool isn't large enough to contain his rambling tirades. I would respond point by insensible point to his mail, but I have limited time.
Dr Robb (aka God) has the amazing ability to detect incorrect host records from his planet by psychic intuition, and doesn't need to go through the tedium of actually checking with people who are authoritative for a domain or IP, like the rest of us, since he is authoritative. This is not something to be wasted or trifled with. Indeed, one must demand that Internic immediately delete the offending record, and then notify the contacts. In retrospect, I can see that simply sending mail to contacts at host.net and youwant.to is a waste of time for someone who is authoritative. I apologize for not realizing this sooner.
<sigh>
Dean, Dean... and I had such high hopes for you.
His assertion, that the interNIC ought to follow it's own published procedures and follow up on reports of bogus data, attempting correction, and in extremis, deleting such records, seems to stand on it's own.
It's also apparent from others' comments that they do not, which does not surprise me at all, given _my_ past experiences with the InterNIC.
Have A Nice Day, Dean.
Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby, Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592
Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
His assertion, that the interNIC ought to follow it's own published procedures and follow up on reports of bogus data, attempting correction, and in extremis, deleting such records, seems to stand on it's own.
That they should follow their procedures is obvious, and not in dispute. But they didn't "follow up" in this case, or follow their procedures either. After arguing with Mr. Robb, they Eric pragmatically decided that no one was actually using the record and they would delete it. Eric (from Internic) had no information other than Mr. Robbs blind and loud assertions that the record was incorrect. For all Eric or anyone knows, youwant.to is about to be legitimately rehosted to host.net. The only person to offer contrary evidence is Dal who says he knows the owner of the domain, but he isn't a listed contact either. Furthermore, he appears to only have sent mail to Nanog, and not to Eric, at least, so far as I can tell. So Internic deleted a record on the word of someone who has no direct connection with either the IP address or the domain name. Not only that, the person they trusted doesn't even have a contact handle, and is not a contact for any domain or host record. I'm surprised you didn't follow that. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
At 7:49 PM -0500 3/22/98, Dean Anderson wrote:
So Internic deleted a record on the word of someone who has no direct connection with either the IP address or the domain name. Not only that, the person they trusted doesn't even have a contact handle, and is not a contact for any domain or host record.
For this particular host record, its existance or non-existance doesn't have any effect on anything. On the one hand, it doesn't really hurt to delete it. But for someone unrelated to the domain or IP (mr robb) to vehemently demand that the Internic delete it is just plain nutty. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
participants (14)
-
Alex Bligh
-
Chris Josephes
-
Dalvenjah FoxFire
-
Dean Anderson
-
Dean Robb
-
Fox Mulder
-
J.D. Falk
-
Jay R. Ashworth
-
Karl Denninger
-
Michael Dillon
-
NetSurfer
-
Phil Howard
-
Randy Bush
-
Rich Sena