[119234] in North American Network Operators' Group
Re: What DNS Is Not
daemon@ATHENA.MIT.EDU (David Ulevitch)
Tue Nov 10 10:32:51 2009
Date: Tue, 10 Nov 2009 10:31:55 -0500
From: David Ulevitch <davidu@everydns.net>
To: nanog@nanog.org
In-Reply-To: <20091110080539.35005525@jpeach-desktop.1425mad.mountsinai.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 11/10/09 8:05 AM, John Peach wrote:
> On Mon, 09 Nov 2009 18:15:09 -0500
> David Ulevitch<davidu@everydns.net> wrote:
>
>> On 11/9/09 6:06 PM, Alex Balashov wrote:
>>
>>> Anything else is COMPLETELY UNACCEPTABLE. I don't understand how or
>>> why this could possibly be controversial.
>>
>> Because some people want the ability and choice to block DNS
>> responses they don't like; just as they have the ability and choice
>> to reject email they don't want to accept.
>>
>> When the conficker worms phones home to one of the 50,000 potential
>> domains names it computes each day, there are a lot of IT folks out
>> there that wish their local resolver would simply reject those DNS
>> requests so that infected machines in their network fail to phone
>> home.
>>
>> To use your language, I don't understand how or why this could
>> possibly be controversial. -- Apparently it is.
>
> In which case, make your own nameserver authoritative for those
> domains; do not foist your own wishes on other people.
Umm... That's precisely what I've done. Please read the thread.
-David
