[120121] in North American Network Operators' Group
Re: Arrogant RBL list maintainers
daemon@ATHENA.MIT.EDU (Michael Holstein)
Thu Dec 10 10:50:29 2009
Date: Thu, 10 Dec 2009 10:48:05 -0500
From: Michael Holstein <michael.holstein@csuohio.edu>
To: John Levine <johnl@iecc.com>
In-Reply-To: <20091210002747.39382.qmail@simone.iecc.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> Is your network setup so chaotic that you don't know what address
> chunks are allocated by DHCP or PPP?
Aww .. stop it, just stop. I could send the .vsd of the network overview
to everyone and there'd still be someone that'd chime in and say "Ha!
you moron .. you used ORANGE lines to interconnect things, nobody ever
does it that way".
We've drifted waaaay O/T here. But to answer a few questions :
> Maybe you misunderstood them? What's trunking a VLAN across the core for
> a printers subnet have to do with anything? They were asking you to tell
> them which of your subnets are dynamic and which are static, presumably so
> they could remove your /16 and list just the bits of it that really are
> dynamic or otherwise appropriate for their list.
>
We break the /16 up into /23s and /24s (and a few /22s) based on
building/router and security class (along with a bunch of 1918 space
that we only NAT internally). What would be more chaotic? .. further
dividing a /24 just to put static stuff within a (^2) boundary?
Like many places, we run separate internal and external DNS .. when a
user requests a static IP, they can opt to make it "external", but few
do, since we point out that when they do that, they lose the anonymity
of the "generic" rDNS.
An internal DNS entry might look like :
lastname-modelnumber.router.building.csuohio.edu
While the external entry might look like : csu-137-148-19-3.csuohio.edu
People that need remote access use our WebVPN (or client VPN) and can
then use the internal DNS to find their machine. There's little
motivation to create a static unless it's a server or printer.
> Does it matter if they label your non e-mail server IPs as dynamic space,
> and therefore put it on their DUL?
No, not at all. As I've said all along, my beef was that as a mail-abuse
DNSBL provider, they were taking issue with our naming scheme for things
that had nothing to do with email. As several have already recognized,
we are doing the mail part correctly .. there are exactly 4 IPs that are
permitted to send mail to the Internet .. FOUR of them, all of which
have proper A=PTR, SPFv1 records, abuse@ contacts, etc.
/thread
Regards,
Michael Holstein
Cleveland State University
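The two properties the message turns on, the "generic" rDNS name that embeds the address (which DUL-style lists read as a hint of dynamic space) and the A=PTR match the four mail senders are said to have, as an added example that is not part of the original message and not CSU's code. The DNS records are constructed: only 137.148.19.3 and its name come from the post; mail1.csuohio.edu, smtp-out.csuohio.edu and the other addresses are hypothetical.

```python
import ipaddress
import re

# Constructed stand-in for real PTR and A lookups (hypothetical records in the
# naming style the post describes; only csu-137-148-19-3 is taken from it).
PTR = {
    "137.148.19.3": "csu-137-148-19-3.csuohio.edu",
    "137.148.19.10": "mail1.csuohio.edu",
    "137.148.19.11": "smtp-out.csuohio.edu",
}
A = {
    "csu-137-148-19-3.csuohio.edu": "137.148.19.3",
    "mail1.csuohio.edu": "137.148.19.10",
    "smtp-out.csuohio.edu": "137.148.19.99",  # forward record points elsewhere
}

# Four dotted/dashed decimal groups somewhere in the hostname.
OCTETS_IN_NAME = re.compile(r"(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})")


def looks_generic(name, ip):
    """True when the PTR name embeds the address's own octets, in normal or
    reversed order. This is the pattern a DUL maintainer reads as 'generic'."""
    m = OCTETS_IN_NAME.search(name)
    if not m:
        return False
    octets = list(ipaddress.IPv4Address(ip).packed)
    found = [int(g) for g in m.groups()]
    return found == octets or found == octets[::-1]


def fcrdns(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the
    same address (the 'A=PTR' property claimed for the mail senders).
    Returns (confirmed, ptr_name)."""
    name = ptr.get(ip)
    if name is None:
        return False, None
    return a.get(name) == ip, name


def classify(ip, ptr=PTR, a=A):
    """Label an address the way a mail-abuse list's heuristics would see it."""
    confirmed, name = fcrdns(ip, ptr, a)
    if name is None:
        return "no-ptr"          # nothing to confirm; treated as unnamed
    if not confirmed:
        return "ptr-mismatch"    # A and PTR disagree; not a trustworthy sender
    if looks_generic(name, ip):
        return "generic-rdns"    # valid, but looks like dynamic/user space
    return "named-host"          # what a dedicated mail host should look like
```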