Home page logo

nanog logo nanog mailing list archives

Re: oh, for goodness' sake.
From: Karl Denninger <karl () mcs net>
Date: Wed, 8 Apr 1998 18:49:27 -0500

Well, my point, really, was that generating filter lists and *loading them*
while relying on things in the network which aren't reliable enough is
rather silly.

IF you're going to run an automated procedure with the *expectation* that
these operations (like a DNS lookup) won't fail, then you had better have
mil-grade reliability.

The *REAL* solution is <DON'T DO THAT>.  I find it insane that folks were
auto-generating filter lists off RIPE's information, using DNS lookups,
without enough error checking to handle the case where the domain doesn't

Karl Denninger (karl () MCS Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
                             | NEW! Corporate ISDN Prices dropped by up to 50%!
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost

On Wed, Apr 08, 1998 at 06:33:47PM -0300, Stephen Sprunk wrote:
What would be the utility of doing that?  Shouldn't we first direct
effort towards making the ROOT servers that reliable?  And then there's
always the networks used to *reach* these servers, which are often of
questionable reliability, especially when a MAE is involved.

Then again, that assumes that routers need military-grade DNS
capability, which is an absurd concept to begin with.  The routers
should simply continue to operate normally (or slightly degraded) if DNS
isn't available.  Any other design is doomed to horrible race


Karl Denninger wrote:

However, the nameserver infrastructure for such a TLD needs to go *far*
beyond *any* existing TLD's nameserver infrastructure.  You're talking here
about things that need near, or even at, military-grade reliability levels
of service.

Stephen Sprunk      "Oops."                 Email: sprunk () paranet com
Sprint Paranet        -Albert Einstein      ICBM:  33.00151N 96.82326W

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]