nanog mailing list archives

Re: large organization nameservers sending icmp packets to dns servers.


From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Wed, 8 Aug 2007 10:33:56 -0400


On Aug 8, 2007, at 2:11 AM, David Schwartz wrote:
On Aug 7, 2007, at 4:33 PM, Donald Stahl wrote:

If you don't like the rules- then change the damned protocol. Stop
just doing whatever you want and then complaining when other people
disagree with you.

I think this last part is the key.

Remember the old adage: "My network, My rules"? Have we forgotten that?

No, that's the point. The Internet is based on cooperation. You can run your network however you want, but if you fail to cooperate, other people will exercise their right to run their network how they want by blacklisting you.

So we are in violent agreement.

IOW: Your first word is incorrect. It _IS_ my network, and you agree it is my network, and you agree I am allowed to run it as I please. In return, I agree you can run your network as you please, even if that includes blacklisting me.


Should I not block ports for MS protocols when a new worm spreads
because it would break the E-2-E principle?  What about spam
filtering?  Or a myriad of other things.  Everyone here is breaking
some RFC somehow.  And most of us don't give a rat's ass.  Which is
the way it should be.

Fine, so long as you don't break the promises you make to other networks. If you do that, you wreck the cooperation fabric the Internet is based on.

Paying $10 and registering a domain IN NO WAY means I promised a bazillion people anything.

What happened to: "You can run your network however you want"?


But when you decide that YOUR violation is MY problem to fix, then
you are just being silly.  And worse, annoying.

Let's all just agree to run our own networks the way we damned well
please, as long as we are not hurting anyone else.  We just have to
define "complaining to you about things I b0rk'ed by myself" as
"hurting you".  Which isn't a stretch, support costs money, and
costing me money because you screwed up is definitely hurtful.

When you promise to provide a service to anyone who asks for it and then fail to, you impose costs on other people. Failing to resolve names that you claim you will resolve is just such a failure. It forces other people's resolvers to do extra work to get the information they need or they just can't get it.

This is, IMO, the type of cooperation failure that justifies blacklisting.

You are very, very confused. When you ask me to resolve a name, _I_ did not cost _you_ anything - just the opposite. This is true whether I send you an A record or not.

The idea that you can force me to provide service for you without payment, contract, service in trade, etc., has not been true for a couple decades. The idea that I might, out of the goodness of my heart, provide services for others is still alive and well. But to expect it is only going to cause you all kinds of problems, even from the people who have goodness in their hearts.


But hey, feel free to disagree and blacklist away. Your network, your decision. :)

--
TTFN,
patrick

