Iljitsch van Beijnum wrote:
<snip>
|
| My argument was (is) that having RFC 1918 routes or packets escape
| doesn't add additional problems on top of the fundamental problem that
| routes or packets with the wrong addresses get out. Letting out wrong
| (non-RFC 1918) addresses hurts the legitimate holder of those addresses.
| With RFC 1918 addresses this isn't a problem.
In the DNS case this is incorrect. What happens is that you get a udp
packet with a return addr of 10.0.0.1 and not only don't you know what
to do with it so you have to throw it away but you can be sure of
getting the *same* query again, and again, and again, presumably from
the *same* client who can't figure out why the reply isn't coming back.
This happens in many protocols which are (contrary to popular belief)
deployed on the Internet today.
|
| I don't think another 10% load on the root nameservers is a huge deal,
| so I wouldn't use the word "harmful" but I guess this is a special case
Again. You'll have to ask the operators of the root-zone if they
consider 11-14% a big deal. Maybe some of them are listening....
| I read a report that only 2% of the hits on the root servers is both
| legitimate and useful anyway.
From the presentation I refer to which unfortunately is in Swedish but
you can probably read the numbers anyway... :
http://www.iis.se/Internetdagarna/2003/23-robust-dns/id03-23-lars-johanliman.pdf
this is clearly not the case. The rfc1918-queries constitute the bulk
of bad queries ("DUMMA frågor" on page 4 of the presentation). I must
however confess ignorance as to what queries are 'useful'. Presumably
even the rfc1918-queries were deemed useful for someone since they
were sent in the first place.
Cheers Leif
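
The DNS case described in the message above, measured on a name server's query log, as an added example that is not part of the original message: it counts queries whose source address lies in RFC 1918 space (no reply can be routed back) and the retries of each such query. The log format, field order and sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log, one query per line: "<epoch> <source> <qname> <qtype>".
SAMPLE_LOG = """\
1000 10.0.0.1 example.com. A
1002 10.0.0.1 example.com. A
1003 192.0.2.7 example.org. MX
1006 10.0.0.1 EXAMPLE.com. A
1007 172.16.4.9 example.net. A
1008 198.51.100.23 example.com. A
1010 10.0.0.1 example.com. A
1011 172.32.0.5 example.net. AAAA
truncated line
"""

def is_rfc1918(addr):
    """True if addr is an IPv4 address inside one of the RFC 1918 blocks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.version == 4 and any(ip in net for net in RFC1918)

def summarize(log_text):
    """Count queries that cannot be answered and how often each one repeats."""
    total, private = 0, Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, src, qname, qtype = fields
        try:
            ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an address
        total += 1
        if is_rfc1918(src):
            # DNS names are case-insensitive, so normalise before grouping.
            private[(src, qname.lower(), qtype)] += 1
    unanswerable = sum(private.values())
    return {"total": total, "unanswerable": unanswerable,
            "share": unanswerable / total if total else 0.0,
            "repeats": {k: n for k, n in private.items() if n > 1}}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the constructed sample, 172.32.0.5 is counted as answerable because 172.16.0.0/12 ends at 172.31.255.255.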