Re: [atlarge-discuss] HOWTO send a message to ICANN

[Joe Baptista <baptista@dot-god.com>]

On Thu, 13 Feb 2003 david@aminal.com wrote:

> Crappy implemenations and mis-configured systems result in bad queries
> traveling through the system - as well as someone typing .con instead of
> .com into their browser address bar by mistake. I don't think this is in
> dispute.

yup - i've seen that in the data myself.  i can't disagree.  problem is
there is no way to independetally verify the caida data.  they won't even
release the tld rank list.  i'm mean you'll see on page 31 that the
largest volumns are suspect - .localhost we all know and love - i have no
idea why they called that illegitimate.  it's explainable.  then there was
that burrwhatever tld.  have no idea what that is.  wpad was a mcirosoft
tld.  so yes there are many explainations.  but we'll never know because
paul vixie has now declared the data from caida is his property.

>
> What was suprising was the ratio of junk to legitimate queries.

yes - incredible is it not.  again there are many reason which can be
attributed to this.  but without the data from caida it's impossible to do
anything but speculate.  i mean - example - is it possible that the
stability of the root system requires a stable dns - i.e. if yourname.com
was purchased today - you still own it in the year 10,002.  or something
like that.  who knows.  but i do not buy their claims of firewalls - that
explain maybe some but not all of their results.

and alot of these misconfiguration can be fixed immediately - like
localhost.  instead of NXDOMAIN - just do a no error and tell them where
it is 127.0.0.1 - it's always at the same place.  i know it violates the
root rfc - but it's a logical duty of the root to report the localhost
address - it's always the same address.

and in the send - im sure youll agree that traffic of 152 million hits per
day on any root is peanuts.  there alot of irrelevant traffic but it's no
where near the volumn which hits the .com and .net servers.

> > apparently paul is claiming privacy etc and a commercial interest in the
> > data itself.  i agree with him - it's valuable data.
>
> Other than to satisfy curiousity, I don't think it is important for root
> server operators to analyze the junk, what's important is to efficiently
> discard it.
>
> Given that focus, I don't think even a deliberate effort to flood the
> root servers with bogus queries would be noticed, it simply wouldn't
> stand out from the rest of the 'noise'.
>
> Now that the F root server is being 'cloned' using anycast technologies,
> even the denial of service attacks that *do get the root server operators
> attention will be less effective.

exactly.  of course now the question is where is the next vulnerability.
i know - so you know.

regards
joe

Joe Baptista - only at www.baptista.god

    iRADIO.nomad          http://iradio.nomad/


---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de