discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Larry Brower <larry AT maxqe.com>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] discuss Digest, Vol 5, Issue 35
- Date: Tue, 28 Dec 2010 17:00:43 -0600
- List-archive: <http://lists.darkdna.net/pipermail/discuss>
- List-id: <discuss.lists.opennicproject.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 12/28/2010 12:46 PM, Jamyn Shanley wrote:
> I have to agree. A blanket statement like "If you're afraid of
> traffic, don't host anything public" is just too broad and shifts all
> responsibility away from the user, regardless of their actions. As a
> general comparison, many mail services throttle, discard, delay, and
> filter traffic from heavy sources (You can use Hotmail, Gmail as an
> example). Almost all RBL providers will certainly block you if your
> queries exceed a threshold per hour/day, if they consider it to be
> 'too much'. ISPs filter DDOS attacks, but that doesn't make them
> afraid of the traffic, does it? It just means they're taking
> responsible action to try to protect their network and the services
> they provide.
>
> The responsibility in this case lies with the user. A typical home
> user will never generate hundreds of thousands of queries in a short
> period. He mentioned the queries were ~ 250,000 in 15 minutes, or
> 16,600/minute, or 277 queries every second for 15 minutes straight,
> from ONE source.
>
> That's excessive. If they really need to generate that many
> queries/sec per IP, they should plan ahead and host a LOCAL DNS
> server, it's common sense. It's also common sense to protect your
> network when it's saturated and becoming unusable. The end-user
> failure to plan for their own needs should not mean that we should
> accept the service disruption.
>
I have to agree here and also bring up the idea that perhaps T1/2
servers should comply with RFC 2870 specifically section 2.6
2.6 Root servers MUST answer queries from any internet host, i.e. may
not block root name resolution from any valid IP address, except
in the case of queries causing operational problems, in which
case the blocking SHOULD last only as long as the problem, and be
as specific as reasonably possible.
http://tools.ietf.org/html/rfc2870
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBCgAGBQJNGmwbAAoJEBgaXYoZ++87RZYIAK6W7Ne5pL9FEr4UHGhU4Syv
UMdYpBMSbVSqR9JERUguRpL1GlFWzJnX3bIMc1tPP8tq3unf/GprQjXmXa5PmQT6
zJwqJlZmtnO4x/QNqPIzJqavtTh45Qa+XiogJxTxCFPDV6kq0+4e+jMiuIgJwaJ0
qg/4rWsgyBblYOU2stjkaMFHYmMQ8Y5JVY0LgGrqZ9ZJGRNvkDzbYvdLHFrgbeHg
PIatQSUdmRee+2U85VsYp99TBq+vK0V9IXuvGShOR16XTyZtjBNxqHD5nEPpkEzC
qISNKhcpRB4qUhpEpjWDd2hbR5mO6g2cljnov+/5xMHFGNdC3jDi8dvrKfFIM9E=
=rGm9
-----END PGP SIGNATURE-----
- Re: [opennic-discuss] discuss Digest, Vol 5, Issue 35, Jamyn Shanley, 12/28/2010
- Re: [opennic-discuss] discuss Digest, Vol 5, Issue 35, Larry Brower, 12/28/2010
- Re: [opennic-discuss] discuss Digest, Vol 5, Issue 35, Brian Koontz, 12/28/2010
- Re: [opennic-discuss] discuss Digest, Vol 5, Issue 35, Larry Brower, 12/28/2010
- Re: [opennic-discuss] discuss Digest, Vol 5, Issue 35, Brian Koontz, 12/28/2010
- Re: [opennic-discuss] discuss Digest, Vol 5, Issue 35, Larry Brower, 12/28/2010
Archive powered by MHonArc 2.6.19.