nanog mailing list archives

Re: Re[2]: relays.osirusoft.com
From: jlewis () lewis org
Date: Wed, 27 Aug 2003 07:53:49 -0400 (EDT)


On 27 Aug 2003, Paul Vixie wrote:

> ...because running blackhole lists is surprisingly more hard
> than most people think.  (witness the sorbs.net message here
> a few hours ago complaining of 50Kpkt/day query loads.)  i've

Matt wasn't complaining about query loads.  And 50Kpkt/day in queries is 
nothing anyway.  He was complaining about being DDoS'd by spammers or 
others who just don't like dnsbls.  AFAIK, SORBS, SPEWS, and Osirusoft 
have all been the targets of DDoS's for a few weeks.

> this part, on the other hand...
>
> >                                             he's put
> > *.*.*.* in, he's asking people not to use it anymore.
>
> ...mystifies me.  anyone who has read rfc1034 or rfc1035, even
> if they did not also read rfc2181 or rfc2136 or rfc2308, knows
> that in a zone containing the following wildcardish data:
>
>       $ORIGIN example.vix.com.
>       *                       1H IN A         127.0.0.1
>       *.*                     1H IN A         127.0.0.2

This was just a misunderstanding on the part of the previous poster.  
Unless he has a copy of the zone (not likely given the unreliability of 
Joe's DNS servers lately), he wouldn't be able to see this.  I think he 
just wasn't familiar with how wildcards worked and assumed each * only 
matched one [^.]*, which is incorrect.  AFAICT, what he did add was:

*       24H     A       127.0.0.2
        24H     TXT     "Please stop using relays.osirusoft.com"

which is much worse than just emptying the zone, removing it from the 
NS's, or shutting down the DNS servers.

> when i deprecated the old $foo.maps.vix.com zones in favour of their
> corresponding replacements $bar.mail-abuse.org some years ago, i had the
> foresight to ensure that no mail would be blocked by people who failed to
> put in the configuration change.  now you can all see why that was nec'y.

Mail would only have been blocked if you had done something crazy like the
above.

Mail was delayed (and servers put under heavy load waiting for DNS queries 
to time out) when MAPS finally shut off free access without warning (a 
week or more after they originally had warned they'd do it, but gave 
everyone an extension when there was massive public outcry and they were 
unable to keep up with inquiries about buying access).  


----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
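
Added example, not part of the original message: a simplified RFC 1034 wildcard lookup over the record quoted above, showing that a single `*` answers for names of any depth and therefore lists every address, together with the 127.0.0.1 / 127.0.0.2 probe (later specified in RFC 5782) that a mail server can run before trusting a list. The healthy sample zone, the sample addresses and all function names are constructed for illustration.

```python
ORIGIN = "relays.osirusoft.com."

# The wildcard record as quoted in the message (owner "*" relative to ORIGIN).
WILDCARD_ZONE = {
    "*." + ORIGIN: {"A": "127.0.0.2",
                    "TXT": "Please stop using relays.osirusoft.com"},
}
# Constructed sample of a healthy list: the test entry plus one listed host.
NORMAL_ZONE = {
    "2.0.0.127." + ORIGIN: {"A": "127.0.0.2"},
    "10.2.0.192." + ORIGIN: {"A": "127.0.0.2"},
}

def dnsbl_name(ip, origin=ORIGIN):
    """Query name for an IPv4 address: reversed octets under the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + origin

def resolve(zone, qname, rtype="A", origin=ORIGIN):
    """Simplified RFC 1034 lookup within one zone, including wildcards."""
    if qname in zone:                       # an exact match always wins
        return zone[qname].get(rtype)
    labels = qname.split(".")
    for i in range(1, len(labels)):         # walk up to the closest encloser
        ancestor = ".".join(labels[i:])
        exists = ancestor == origin or any(
            n == ancestor or n.endswith("." + ancestor) for n in zone)
        if exists:                          # only "*.<closest encloser>" applies
            return zone.get("*." + ancestor, {}).get(rtype)
    return None

def dnsbl_health(zone):
    """Probe the two test addresses before trusting a list's answers."""
    if resolve(zone, dnsbl_name("127.0.0.1")) is not None:
        return "lists-everything"           # wildcard or equivalent: stop using
    if resolve(zone, dnsbl_name("127.0.0.2")) is None:
        return "dead"                       # emptied zone: nothing is listed
    return "ok"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, resolve(WILDCARD_ZONE, dnsbl_name(ip)),
              resolve(NORMAL_ZONE, dnsbl_name(ip)))
    print(dnsbl_health(WILDCARD_ZONE), dnsbl_health(NORMAL_ZONE), dnsbl_health({}))
```
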


