Re: [policy] When Tech Meets Policy...
Well, if they only delete 89% instead of 99.9% then to make 1,000,000 tasted registrations they will have to keep 100,000 of them, which will send a fair amount of money to the registry. Effectively making the minimum registration costs for tasting 10% of the normal cost.

On 8/16/07, william(at)elan.net <[EMAIL PROTECTED]> wrote:
>
> On Thu, 16 Aug 2007, John L wrote:
>
> >>> The .ORG registry asked last year for permission to charge 5 cents per
> >>> deletion to any registrar that deletes more than 90% of their
> >>> registrations.
> >>
> >> I don't like that so much. Complications invite gaming the system.
>
> Yes, they are just going to delete 89% of their registrations.
>
> > It has the practical advantage of already having been implemented.
>
> What is important is not if it has been implemented but how effective
> it has been. But unfortunately with just one TLD, it's possible that
> positive info can not be relied on as given limitations bad registrants
> could have just moved to using other TLDs that do not have the limits).
>
> Personally I think one way to do attempt to deal with it is to require
> explanation for each and every registration that is deleted and then
> look overall at types of explanations given and put additional barriers
> for certain cases (i.e. paperwork, etc) plus capability of ICANN to do
> audits of registrars deleted domains to verify that explanations they
> are given are consistent with actual activity.
>
> --
> William Leibzon
> Elan Networks
> [EMAIL PROTECTED]
Re: [policy] When Tech Meets Policy...
I find this to be a disturbing abuse issue by registrars as well...

A good example is a domain I owned, thedigitalfreeway.com ...it was owned by me and used for a webhosting business:

http://web.archive.org/web/20060618003859/http://www.thedigitalfreeway.com/

but the business fell through as I had little startup money and was forced to close down and let the domain expire due to an ongoing ddos attack from china botnets that neither I nor my ISP had the hardware to handle properly (I didn't have the funds to buy such hardware).

Since the domain expired now look at the whois info:

Gawith, Marc [EMAIL PROTECTED]
1160 W. Canary Way
CHANDLER, Arizona 85248
United States
4802272987

Godaddy took the domain and has parked it and is trying to sell it, I had heard of registrars doing this but didn't believe it until now, this is not right that registrars can just take a domain name, see if it generates any revenue, and get the registration fee refunded if they dislike the domain's performance!!!

P.S. Interesting: http://www.linkedin.com/pub/3/886/B53
Do I or RR need dns clue?
Hi,

Mail to RR users is getting refused due to PTR issues. I contacted RR and explained that yea, one of our 2 DNS servers for the IN-ADDR.ARPA is down, but the other is fine. They said that I should either get the DNS server back up (Which of course is already being worked on, was the minute it went down) or delete it from ARIN IN-ADDR.ARPA records.

Isn't the whole point of multiple DNS servers that if one is down the other can still answer queries? Or am I missing something here???

Thanks, Tuc/TBOH
Re: ONS - The few the proud ... the sleeping
Stephen Wilcox wrote:
>
> Given that the fastest edge connections (outside of Peter Lothberg's bathroom)
> are 10Gb this traffic can easily be directed to take out multiple parts of a
> network's critical connectivity.

(removed annoying cc's)

Well I was actually hoping Mrs. Lothberg would be the next MAE-Scandinavia backbone provider. Do the math (anyone):

// SNIP
“The number of unique, infected hosts (bots), from which the attack is being launched by email, has also increased dramatically,” said Stewart. “They went from 2,815 in the beginning of 2007 through the end of May to a total of 1.7 million for the months of June and July.”

http://www.darkreading.com/document.asp?doc_id=130745
// END SNIP

Let's say it's exaggerated and say this botnet is 1/4 of this size: 425,000 hosts waiting for a C&C dumbarse to launch a command. Something simple ping... 64bytes * 425,000 hosts = 25MB ... ping -s 128 or higher? A GET|HEAD|POST|etc would kill my server before the majority of traffic even eked its way through.

Bad scenario ... Cause a flap between two heavy peers (see Randy Bush's take on dampening/flapping). I could see this become a problem no matter what you think you can throw at it. Somewhere, someone down the line, will have something a bit misconfigured/*oops I forgot to place tcp intercept here*/etc and will cause some "could have been avoided if one woke up and smelled the coffee" scenario which will cause a major outage.

Poop happens when you let it, why not open one's eyes now and be alert/aware of what's out there and make sure solutions are in place before it's too late. Then again, I wonder what outside of massive filtering on fwsm's can one do in a situation like this. It's not like these are spoofed connections which something like tcp intercept would be able to mitigate against. RFC1918 filtering... Useless. Different story if there was filtering on provider side that says "Hey gee... This botnet that's 1.7 million strong is connecting on port x, let me take a pre-emptive strike and monitor this"

http://atlas.arbor.net/ +207.0 % Slammer variant as of yesterday... School is what one two weeks away. Synonymous with all sorts of new improved crap... I can't for the life of me figure out why some of the best engineers in the world who are on this and other networking lists shrug these things off. Makes me wonder who profits via bandwidth sales from this. Someone obviously will irrespective of how rude, condescending it sounds.

--
J. Oquendo
"Excusatio non petita, accusatio manifesta"
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net
Re: nanog list bad sub
Randy Bush wrote:
> the following post should not have come to me

apologies. this should not have gone to list, but to admin. my elisp for nanog vacation abusers seems to need some updating.

randy
Re: DNS not working
[EMAIL PROTECTED] wrote:
> Hi, I try adding google.com to my dns server to get more visitors but google.com still show search engine.

For which your customers are grateful

> Please advise how to do so more visitor in return? May the Gods be with you!

Mine prefers not to cheat.

--
Jeff Shultz
Mailing list policy broken..
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If I subscribe to the mailing list, and the "-post" mailing un-blocker, there should be NO reason my e-mails should be blocked to the NANOG list.

Right? I mean, that's kinda the whole point, right?

Can someone please fix this?

This is broken, broken, broken.

I shouldn't get messages like these:

[snip]

: 198.108.95.8 does not like recipient.
Remote host said: 550 ... Relaying denied
Giving up on 198.108.95.8.

[snip]

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGxSJbq1pz9mNUZTMRAp/6AKCsLbANou0lo2aBX0wRjzrUKm3YVwCcD7bM
twZrVzkJp+Q5lepVT/LIyuc=
=RWSo
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
Criminals, The Network, and You [Was: Something Else]
Re-sending due to Merit's minor outage.

- ferg

-- Forwarded Message --

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Robert Blayzor <[EMAIL PROTECTED]> wrote:

>The fact that they're rejecting on a 5xx error based on no DNS PTR is a bit harsh. While I'm all for requiring all hosts to have valid PTR records, there are times when transient or problem servers can cause a DNS lookup failure or miss, etc. If anything they should be returning a 4xx to have the remote host "try again later".
>

Oh, wait till you realize that some of the HTTP returns are bogus altogether -- and actually still serve malware.

It's pretty rampant right now. :-/

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGxR1lq1pz9mNUZTMRApQRAKCEOLpuu69A1+B4vCHQTZs+hHLKaACcD1Ak
9JNwl2i1mL08WNUQSlXBYGM=
=ffuN
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
Re: Do I or RR need dns clue?
On Thu, Aug 16, 2007 at 10:26:35PM -0400, Tuc at T-B-O-H.NET wrote:
> > Tuc at T-B-O-H.NET wrote:
> > > Down is there isn't power to it until it gets repaired. So it's not
> > > answering period. A "nslookup" shows "timed-out". A "dig" shows
> > > "connection timed out; no servers could be reached" (When querying ONLY
> > > against the down server).
> > >
> > > So how do I go back to RR, who told me to take it out of my
> > > NS records, that DNS is supposed to be silently falling back and trying
> > > again?
> >
> >
> > The fact that they're rejecting on a 5xx error based on no DNS PTR is a
> > bit harsh. While I'm all for requiring all hosts to have valid PTR
> > records, there are times when transient or problem servers can cause a
> > DNS lookup failure or miss, etc. If anything they should be returning a
> > 4xx to have the remote host "try again later".
>
> Sorry, they aren't giving a hard fail. It's a soft fail, so we'll
> retry. But after 5 days of retrying, my servers will give up. (And, in
> the mean time, the mail isn't getting through, so my users are without mail
> {We store/forward for them} I don't know if the down (hard) server will be
> back that soon (It's been 2 days as is). But the whole POINT of DNS is I have
> a 2nd one listed, and they don't seem to care. They are telling me that they
> want my "primary" one back up and running.

Tell them that your primary is up and running and it's only the secondary that's down, and see what they say. If they disagree, ask how they know that the server that's down is the primary...

- Matt
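
The behaviour argued over in this thread, as an added example that is not part of any post: a resolver that falls back to the second listed nameserver when the first is silent, and a receiving mail server that answers 451 rather than 550 when the PTR lookup fails only transiently. The nameserver names, the 192.0.2.0/24 addresses and the reply texts are constructed for this sketch, and the "servers" are an in-memory table, so nothing touches the network.

```python
from enum import Enum

class Rcode(Enum):
    NOERROR = "NOERROR"    # authoritative answer with data
    NXDOMAIN = "NXDOMAIN"  # authoritative "no such name"
    SERVFAIL = "SERVFAIL"  # server reachable but unable to answer
    TIMEOUT = "TIMEOUT"    # no response at all (e.g. server powered off)

# Constructed sample delegation for 2.0.192.in-addr.arpa (hypothetical names).
ZONE_NS = ["ns1.example.net", "ns2.example.net"]
SERVERS = {
    "ns1.example.net": None,  # down: every query times out
    "ns2.example.net": {"25.2.0.192.in-addr.arpa": "mail.example.net"},
}

def query(server, qname):
    """Ask one authoritative server; return (Rcode, ptr_name_or_None)."""
    records = SERVERS.get(server)
    if records is None:
        return Rcode.TIMEOUT, None
    if qname in records:
        return Rcode.NOERROR, records[qname]
    return Rcode.NXDOMAIN, None

def resolve_ptr(ip, ns_list):
    """Try each listed nameserver in turn; stop at the first definitive answer."""
    qname = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
    last = Rcode.SERVFAIL
    for server in ns_list:
        rcode, name = query(server, qname)
        if rcode in (Rcode.NOERROR, Rcode.NXDOMAIN):
            return rcode, name   # a live server gave a definitive answer
        last = rcode             # timeout or SERVFAIL: fall back to the next NS
    return last, None            # no listed server answered

def smtp_reply(ip, ns_list=ZONE_NS):
    """Map the lookup outcome to an SMTP reply (rejecting on NXDOMAIN is a policy choice)."""
    rcode, name = resolve_ptr(ip, ns_list)
    if rcode is Rcode.NOERROR:
        return f"250 ok ({name})"
    if rcode is Rcode.NXDOMAIN:
        return "550 no PTR record for client address"
    # The lookup itself failed, so the absence of a PTR is unproven: defer.
    return "451 temporary DNS failure, try again later"
```

With one of the two nameservers down the lookup still succeeds; only when every listed server is unreachable does the sender see a deferral, and a permanent rejection is reserved for an authoritative "no such name".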