On Fri, Apr 04, 2008 at 03:51:16PM -0700, John L. Crain wrote:

> I don't think the disease is life threatening. I keep hearing about the
> "Problem" of bogus queries to the root. It is certainly messy and ugly but
> from my perspective as an operator it is more of an irritant than anything
> else. The capacity building for root operators, at least in our case, is not
> built around those bogus queries, it's built around other problems such as
> the number of hosts with weak security that are available for use in DDOS
> attacks.

Thanks, John, for bringing this up.  The topic is re-occurring and for judging
the cure vs. the disease we would need to know not only how widespread the
disease is (in percent of the queries), but whether the patient actually
suffers. Also, it would be interesting to look not only at the "bogus" queries
but also at the ratio of "bogus" vs. "legitimate" queries per source IP
address, also taking into account other query parameters.  This would help to
get an idea whether measures implemented in the average recursive full
resolver would actually lead to a significant change.

For the "AS112 for TLDs" I sense there is consensus to go to WGLC with
maintaining the drafts' current focus.

> For now I still believe the best answer is to keep answering with NXDOMAIN
> and hoping that one day, this is where I am delusional, that those doing the
> querying will fix their end of the problem...

Since "information leakage" has been mentioned already and additional delay
is another concern on the client side, it might be worth addressing the
"disease" from this end. However, we have no indication that anybody actually
suffers here.

So, unless we'd like to live with the topic popping up over again, we could try
a "trade offs document" for a start.  Not sure this will end up as something
to be reasonably published as an RFC, but it might at least serve as a pointer
target next time the idea comes up.

-Peter
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
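
Added example, not part of the original message: one way to compute the per-source ratio of "bogus" to "legitimate" queries that the reply above asks for, and how much of the bogus load comes from sources that also send legitimate queries. The log format, the sample lines, the function names and the rule that "bogus" means a query answered with NXDOMAIN are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log, one query per line: source_ip qname qtype rcode
SAMPLE_LOG = """\
192.0.2.10 com. NS NOERROR
192.0.2.10 org. NS NOERROR
192.0.2.10 www.example.net. A NOERROR
192.0.2.10 printer.local. A NXDOMAIN
198.51.100.7 host.lan. A NXDOMAIN
198.51.100.7 host.lan. AAAA NXDOMAIN
198.51.100.7 wpad.home. A NXDOMAIN
198.51.100.7 foo.invalid. A NXDOMAIN
203.0.113.5 www.example.com. A NOERROR
203.0.113.5 example.org. MX NOERROR
203.0.113.5 mail.corp. A NXDOMAIN
203.0.113.5 mail.corp. AAAA NXDOMAIN
"""

def per_source_counts(log_text):
    """Return {source_ip: (bogus, legit)}. Assumption: bogus == rcode NXDOMAIN."""
    counts = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of guessing their meaning
        src, _qname, _qtype, rcode = fields
        counts[src][0 if rcode == "NXDOMAIN" else 1] += 1
    return {src: (bogus, legit) for src, (bogus, legit) in counts.items()}

def bogus_ratios(counts):
    """Fraction of each source's queries that were bogus."""
    return {src: bogus / (bogus + legit) for src, (bogus, legit) in counts.items()}

def bogus_share_from_mixed_sources(counts, max_ratio=0.5):
    """Share of ALL bogus queries sent by sources whose own ratio <= max_ratio."""
    total_bogus = sum(bogus for bogus, _ in counts.values())
    if total_bogus == 0:
        return 0.0
    mixed = sum(bogus for bogus, legit in counts.values()
                if bogus / (bogus + legit) <= max_ratio)
    return mixed / total_bogus

if __name__ == "__main__":
    counts = per_source_counts(SAMPLE_LOG)
    for src, ratio in sorted(bogus_ratios(counts).items()):
        print(f"{src}: bogus={counts[src][0]} legit={counts[src][1]} ratio={ratio:.2f}")
    print(f"bogus from mixed sources: {bogus_share_from_mixed_sources(counts):.0%}")
```

The global percentage of bogus queries alone would hide the split this reports: in the constructed sample, one source sends only bogus queries while the other two mix them with legitimate ones.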
