[80509] in North American Network Operators' Group
Re: Schneier: ISPs should bear security burden
daemon@ATHENA.MIT.EDU (Steven Champeon)
Mon May 2 13:29:04 2005
X-Received-From: schampeo@habanero.hesketh.net
X-Delivered-To: <nanog@merit.edu>
Date: Mon, 2 May 2005 13:28:33 -0400
From: Steven Champeon <schampeo@hesketh.com>
To: nanog <nanog@merit.edu>
Mail-Followup-To: nanog <nanog@merit.edu>
In-Reply-To: <42766078.2090603@ttec.com>
Errors-To: owner-nanog@merit.edu
on Mon, May 02, 2005 at 01:16:40PM -0400, Joe Maimon wrote:
> Steven Champeon wrote:
> >on Sun, May 01, 2005 at 10:40:21PM -0400, Joe Maimon wrote:
> >
> >>What does the rest of the internet gain when all IPs have boilerplate
> >>reverse DNS setup for them, especially with all these wildly differing
> >>and wacky naming "conventions"?
> >
> >
> >I don't care what the rest of the Internet gains, but I can say that
> >knowing something about these "wildly differing and wacky naming
> >conventions" has cut my spam load down by 98% or more. By knowing who
> >names their networks what, even wild-assed guesses at times have kept
> >the DDoS that is spam botnets from destroying the utility of email here.
>
> That's not quite what I was asking. Would you not have preferred being
> able to do all the above simply by being able to assume that all these
> "dialup" systems would not have any RDNS?
No.
> The question restated is what is the benefit in advocating "dialup
> names" as opposed to simply recommending that dialup ranges get NO rDNS?
More information is always better.
> For spam/abuse prevention it surely is less useful. It's much easier to
> block IP with no rDNS than to maintain a list of patterns of rDNS that
> should be blocked.
Surely. And yet, knowing that Comcast addresses are responsible for
a third of the abuse against my mail server is easier when all of the
hosts' rDNS ends in "comcast.net", so I don't need to do whois lookups
on each IP.
> I understand that RFCs recommend/require it. I want to know about
> specific benefits to the internet at large (not to the user who now has
> rDNS)
>
> Given a choice between ISP using unpredictable naming patterns or no
> name for dialup ranges, what would your preference be?
Predictable naming conventions, preferably right-anchored, such as
'.dialup.dynamic.example.net'
If you're saying that's not possible, then I'd prefer unpredictable
names over no rDNS at all (though preferably at least consistently
implemented within a given rDNS domain)...
--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!
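The approach Champeon describes above, as an added example that is not part of the original post: treat the reverse DNS name of a connecting SMTP host as a signal, match it against right-anchored suffix patterns such as `.dialup.dynamic.example.net`, and summarise abuse per rDNS domain instead of running a whois lookup on every IP. The suffix list, the IP addresses and the connection records are constructed for the example; no real DNS lookups are performed, so it runs offline.

```python
"""Right-anchored rDNS classification for inbound mail sources.

Added example, not code from the original post. The suffix patterns,
IP addresses and connection log below are constructed; a real deployment
would fill the pattern list from the naming conventions it observes and
feed it the PTR results of actual connections.
"""
from collections import Counter
from typing import Optional

# Constructed right-anchored patterns. The leading dot matters: it keeps
# 'notdialup.dynamic.example.net' from matching the dialup convention.
DYNAMIC_SUFFIXES = (
    ".dialup.dynamic.example.net",
    ".dynamic.example.org",
    ".pool.example-cable.net",
)


def classify_rdns(rdns: Optional[str]) -> str:
    """Classify a connecting host by its reverse DNS name.

    Returns 'no-rdns' when the PTR lookup produced nothing, 'dynamic' when
    the name ends in a known dialup/dynamic suffix, and 'static' otherwise.
    Matching is right-anchored and case-insensitive; the trailing dot of a
    raw PTR record is tolerated.
    """
    if not rdns:
        return "no-rdns"
    name = rdns.rstrip(".").lower()
    for suffix in DYNAMIC_SUFFIXES:
        if name.endswith(suffix):
            return "dynamic"
    return "static"


def rdns_domain(rdns: str, labels: int = 2) -> str:
    """Return the rightmost `labels` labels of a name, e.g. 'comcast.net'.

    This is the cheap stand-in for a whois lookup that a consistent,
    right-anchored naming convention makes possible.
    """
    parts = rdns.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def abuse_share_by_domain(records):
    """Given (ip, rdns, was_abuse) tuples, return the fraction of abusive
    connections attributed to each rDNS domain; hosts without rDNS are
    counted under the key 'no-rdns'. Returns {} when nothing was abusive."""
    counts = Counter()
    total = 0
    for _ip, rdns, was_abuse in records:
        if not was_abuse:
            continue
        total += 1
        counts[rdns_domain(rdns) if rdns else "no-rdns"] += 1
    return {domain: n / total for domain, n in counts.items()} if total else {}


# Constructed sample: (connecting IP, PTR result or None, flagged as abuse)
SAMPLE_CONNECTIONS = [
    ("192.0.2.10", "c-192-0-2-10.dialup.dynamic.example.net", True),
    ("192.0.2.11", "c-192-0-2-11.dialup.dynamic.example.net", True),
    ("198.51.100.5", "mail.example.com", False),
    ("198.51.100.6", None, True),
    ("203.0.113.7", "host7.pool.example-cable.net.", True),
    ("203.0.113.8", "static8.example-cable.net", False),
    ("203.0.113.9", "mx2.example.org", True),
]


if __name__ == "__main__":
    for ip, rdns, _ in SAMPLE_CONNECTIONS:
        print(f"{ip:15} {classify_rdns(rdns):8} {rdns or '(no rDNS)'}")
    for domain, share in sorted(abuse_share_by_domain(SAMPLE_CONNECTIONS).items()):
        print(f"{domain:25} {share:.0%} of abuse")
```

The per-domain summary is the point of the "ends in comcast.net" remark: once names are consistently right-anchored, a two-label suffix count over the abuse log answers "which network is sending this" without a whois query per address, and hosts with no rDNS at all fall into their own bucket rather than being silently dropped.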