Discuss mailing list

[Larry Brower <larry AT maxqe.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 12/28/2010 06:35 PM, Brian Koontz wrote:
> On Tue, Dec 28, 2010 at 05:00:43PM -0600, Larry Brower wrote:
>> I have to agree here and also bring up the idea that perhaps T1/2
>> servers should comply with RFC 2870 specifically section 2.6
>>
>>
>>    2.6 Root servers MUST answer queries from any internet host, i.e. may
>>        not block root name resolution from any valid IP address, except
>>        in the case of queries causing operational problems, in which
>>        case the blocking SHOULD last only as long as the problem, and be
>>        as specific as reasonably possible.
> 
> Refusing to answer a recursive query is not in violation of the RFC.
> And it would be easy to use the "operational problems" clause to
> justify blacklisting/whitelisting. 
> 
>   --Brian


I wasnt trying to say it was. I was demonstrating that they should
respect the RFC's and have proper mechanism's  in place to prevent being
flooded. IE., they should block malicious IP's for as long as it takes
to keep service going.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCgAGBQJNGp3dAAoJEBgaXYoZ++87ET4H/iybkylY8eWn5Teg/X8Eu90w
DH/AvIl6SH4XMlCek66J6riEDOR4kTBqA9wBRLgyUC5jvat5UREf4cQWoDd3mUcN
7E5x1u/36WSxKL10MKoWYIilaPWvjCyLsQ1YOHVWlo1dQ5Kx7LSIEA/dEpiee16I
4lXKyvFyhmsw1COsuoTqJXktyN4hMDhId6yy0bIyTlMmdjINfWtlIq/NwvvvZmcF
cMax9+J38GlDPdKfQ2XSiYqR7UOM2wHtyNcVSSAH+zI2Nj+O2ndYH4WzExoE09yw
jzN6fnoCjEiIHVr/IcH/Sb/30ezThpy8mt2T9AMrPGU2WnWYhkbgmBDl1j2iyWU=
=UDOV
-----END PGP SIGNATURE-----