nanog mailing list archives

Re: Schneier: ISPs should bear security burden


From: Steven Champeon <schampeo () hesketh com>
Date: Mon, 2 May 2005 13:28:33 -0400


on Mon, May 02, 2005 at 01:16:40PM -0400, Joe Maimon wrote:
Steven Champeon wrote:
on Sun, May 01, 2005 at 10:40:21PM -0400, Joe Maimon wrote:

What does the rest of the internet gain when all IPs have boilerplate 
reverse DNS setup for them, especially with all these wildly differing 
and wacky naming "conventions"?


I don't care what the rest of the Internet gains, but I can say that
knowing something about these "wildly differing and wacky naming
conventions" has cut my spam load down by 98% or more. By knowing who
names their networks what, even wild-assed guesses at times have kept
the DDoS that is spam botnets from destroying the utility of email here.

That's not quite what I was asking. Would you not have preferred being 
able to do all the above simply by being able to assume that all these 
"dialup" systems would not have any RDNS?

No.
 
The question restated is what is the benefit in advocating "dialup 
names" as opposed to simply recommending that dialup ranges get NO rDNS?

More information is always better.
 
For spam/abuse prevention it surely is less useful. It's much easier to 
block IP with no rDNS than to maintain a list of patterns of rDNS that 
should be blocked.

Surely. And yet, knowing that Comcast addresses are responsible for
a third of the abuse against my mail server is easier when all of the
hosts' rDNS ends in "comcast.net", so I don't need to do whois lookups
on each IP.

I understand that RFCs recommend/require it. I want to know about 
specific benefits to the internet at large (not to the user who now has 
rDNS)

Given a choice between ISP using unpredictable naming patterns or no 
name for dialup ranges, what would your preference be?

Predictable naming conventions, preferably right-anchored, such as

'.dialup.dynamic.example.net'

If you're saying that's not possible, then I'd prefer unpredictable
names over no rDNS at all (though preferably at least consistently
implemented within a given rDNS domain)...

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!
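
Added example, not part of the original message: a small Python sketch of the two uses of rDNS discussed in the thread, right-anchored suffix classification and per-operator tallies without whois lookups. Only the suffix '.dialup.dynamic.example.net' comes from the message; the policy table, labels, helper names and connection data are constructed, and the two-label operator grouping is a simplifying assumption.

```python
from collections import Counter

# Hypothetical suffix policy. Only ".dialup.dynamic.example.net" appears in the
# message; the other entry and all labels are constructed for illustration.
SUFFIX_POLICY = {
    ".dialup.dynamic.example.net": "dynamic",
    ".mail.example.org": "mailhost",
}

# Constructed sample: (client IP, PTR name, or None when the IP has no rDNS).
CONNECTIONS = [
    ("192.0.2.10", "host-10.dialup.dynamic.example.net."),
    ("192.0.2.11", "HOST-11.dialup.dynamic.example.net"),
    ("198.51.100.5", "mx1.mail.example.org"),
    ("198.51.100.9", "dialup.dynamic.example.net.cust.example.org"),
    ("203.0.113.7", None),
    ("203.0.113.8", None),
]


def normalize(ptr):
    """Lower-case, drop the root dot, prepend a dot so matches fall on label boundaries."""
    return "." + ptr.rstrip(".").lower()


def classify(ptr):
    """Return 'no-rdns', the label of the longest matching suffix, or 'unknown'."""
    if not ptr:
        return "no-rdns"
    name = normalize(ptr)
    hits = [s for s in SUFFIX_POLICY if name.endswith(s)]
    return SUFFIX_POLICY[max(hits, key=len)] if hits else "unknown"


def operator_domain(ptr):
    """Last two labels of the PTR name (assumption: ignores suffixes such as co.uk)."""
    if not ptr:
        return None
    return ".".join(ptr.rstrip(".").lower().split(".")[-2:])


def summarize(connections):
    """Count connections per class and per operator domain (None means no rDNS)."""
    classes = Counter(classify(ptr) for _, ptr in connections)
    operators = Counter(operator_domain(ptr) for _, ptr in connections)
    return classes, operators


if __name__ == "__main__":
    classes, operators = summarize(CONNECTIONS)
    print(dict(classes))
    print(dict(operators))
```

The fourth sample name contains the dialup string but does not end with it, so the right-anchored match leaves it 'unknown'; the two hosts without rDNS can be counted but not grouped by operator.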

