North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Schneier: ISPs should bear security burden
on Mon, May 02, 2005 at 01:16:40PM -0400, Joe Maimon wrote: > Steven Champeon wrote: > >on Sun, May 01, 2005 at 10:40:21PM -0400, Joe Maimon wrote: > > > >>What does the rest of the internet gain when all IPs have boilerplate > >>reverse DNS setup for them, especialy with all these wildly differing > >>and wacky naming "conventions"? > > > > > >I don't care what the rest of the Internet gains, but I can say that > >knowing something about these "wildly differing and wacky naming > >conventions" has cut my spam load down by 98% or more. By knowing who > >names their networks what, even wild-assed guesses at times have kept > >the DDoS that is spam botnets from destroying the utility of email here. > > Thats not quite what I was asking. Would you not have preferred being > able to do all the above simply by being able to assume that all these > "dialup" systems would not have any RDNS? No. > The question restated is what is the benifit in advocating "dialup > names" as opposed to simply recommending that dialup ranges get NO rDNS? More information is always better. > For spam/abuse prevention it surely is less usefull. Its much easier to > block IP with no rDNS than to maintain a list of patterns of rDNS that > should be blocked. Surely. And yet, knowing that Comcast addresses are responsible for a third of the abuse against my mail server is easier when all of the hosts' rDNS ends in "comcast.net", so I don't need to do whois lookups on each IP. > I understand that RFCs recommend/require it. I want to know about > specific benefits to the internet at large (not to the user who now has > rDNS) > > Given a choice between ISP using unpredictable naming patterns or no > name for dialup ranges, what would your preference be? Predictable naming conventions, preferably right-anchored, such as '.dialup.dynamic.example.net' If you're saying that's not possible, then I'd prefer unpredictable names over no rDNS at all (though preferably at least consistently implemented within a given rDNS domain)... -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!