![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: what the heck do i do now?
From: Warren Kumari <warren () kumari net>
Date: Sun, 4 Feb 2007 16:30:24 -0800
On Feb 4, 2007, at 2:49 PM, Jon Lewis wrote:
On Mon, 5 Feb 2007, Simon Lyall wrote:On Thu, 1 Feb 2007, Jay Hennigan wrote:Set up a nameserver there. Configure it to return 127.0.0.2 (orwhatever the old MAPS reply for "spam" was) to all queries. Let it run for a week. See if anything changes in terms of it getting hammered.Well I've seen some RBLs do this with about 2 days notice. Perhaps aspecial value could be defined ( 127.255.255.255 ? ) to tell users thatthe DNSBL is no longer in operation and shouldn't be used, standard software can then raise an error or whatever.That doesn't help get the old/unwatched installations to stop sending queries. It's been established that regardless of what you return, those installations will continue querying the dead BL.
Sure, but if we could all agree that 127.255.255.255 (or something) means that the BL has been shutdown then in the future this sort of issue could be mitigated.
If software were written so that receiving this would drop the BL from the list, then you would only get one query each time the software starts up -- even better would be that this response removes (or comments out) the blacklist from the config file so that it doesn't come back after a restart....
Yes, this doesn't fix Paul's problem (or anyone who setup a blacklist before this is standardized) and there is no way to enforce this, but it is bunch better than not doing anything...
That's why I think your best/only option is to attempt to misdirect them by pointing NS at . or unreachable space...effectively giving them someplace harmless to send their queries or to fail them without even having to send them.Killing the parent domain is an option too, but that only pushes the problem onto someone else's plate (the TLD servers).---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
W -- With Feudalism, it's your Count that votes.
Current thread:
- Re: what the heck do i do now?, (continued)
- Re: what the heck do i do now? John Payne (Feb 05)
- Re: what the heck do i do now? Stephane Bortzmeyer (Feb 06)
- Re: what the heck do i do now? Jon Lewis (Feb 06)
- Re: what the heck do i do now? Jon Lewis (Feb 01)
- Re: what the heck do i do now? Barry Shein (Feb 01)
- Re: what the heck do i do now? Matthew Sullivan (Feb 01)
- Re: what the heck do i do now? Ken Eddings (Feb 01)
- Re: what the heck do i do now? Jay Hennigan (Feb 01)
- Re: what the heck do i do now? Simon Lyall (Feb 04)
- Re: what the heck do i do now? Jon Lewis (Feb 04)
- Re: what the heck do i do now? Warren Kumari (Feb 04)
- Re: what the heck do i do now? Andrew - Supernews (Feb 04)
- Re: what the heck do i do now? Matthew Sullivan (Feb 05)
- Re: what the heck do i do now? Andrew Kirch (Feb 05)
- Re: what the heck do i do now? Simon Lyall (Feb 04)