Dns-operations mailing list

[Alejandro Bonet <albogoal AT gmail.com>]

I dont think ddos attacks justify very much a "white list"...

At least as "normative for opennic public servers".


Public is public, and a whitelist is a white list.

DDOS attackers are also public.

Perhaps attacks justify more a "black list"...

I think each server admin must choose how he/she protects his/her
servers against attacks.

I see the whitelist as "a way to get less attacks and to give to
'good-people' more performance".

But as any other medium to get the same goal...

Like http://opennic.alargador.org/filtro53.c for example, which makes
a "blacklist" each thousand queries, and ban the "bad" ips during
30000 queries more or less in real time...

I dont like arbitrary, complex or authority_based rules.

I like clear and fair_play rules.

In the other hand it is great that whitelist exist...


And everybody can use it or not.


Alejandro Bonet
albogoal AT gmail.com

PD: It is a personal choice matter. We must be clear.


2014-02-13 5:55 GMT+01:00, Brian Koontz <brian AT opennicproject.org>:
> On Wed, Feb 12, 2014 at 02:49:49PM -0500, Guillaume Parent wrote:
>> >Eventually opennic may go to only using whitelisting because of the
>> benefits from attacks.
>>
>> This will never happen unless you intend on kicking me out of the project
>> or forcibly remove my server from the list, FYI.
>
> I see no need for this to happen.  OpenNIC has no direct stake in how
> T2's are operated, nor do we want to be involved.  We provide the
> infrastructure if you want to use it.  If not, so be it.  No one is
> going to be kicked out.
>
>   --Brian
>
> ----
> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org
>