headers
Danny Mayer | 26 Nov 04:28
Favicon

RE: DNS Server DoS Attacks

At 03:33 PM 11/25/02, Hallam-Baker, Phillip wrote:

> > Indeed, we took such considerations into account when we constructed
> > our services.  I don't know about "the sites".
>
>In which case we have to work out why the press either got hold of the
>wrong figures or misinterpreted the figures and used those as the basis
>of the Associated Press and Reuters reports.

This has nothing to do with namedroppers. You can't control where the
agencies and the newspapers get their information.

>By design or chance someone managed a reputation attack against the
>system
>that reached the mainstream media and resulted in senior policy people
>calling CEOs etc. That is a major problem. Media management must be a
>part of the solution.

I've almost never seen a newspaper article on something for which I have
direct personal knowledge get it right. However, this is not a TECHNICAL
problem, it's a management problem. You're asking in the wrong forum.

Danny

>                 Phill

--
to unsubscribe send a message to namedroppers-request <at> ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
(Continue reading)

Permalink | Reply | 10 comments |
headers
D. J. Bernstein | 26 Nov 12:49
Picon

namedroppers mismanagement, continued

I've sent twelve messages to the namedroppers mailing list this month.
Five of them have been silently discarded by the namedroppers censor,
Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous
incidents.)

Bush says that the only relevant feature of my messages is that they're
sent from an address that isn't subscribed to namedroppers. Okay, boys
and girls, let's look at some statistics:

   * 5/12 of my messages have been silently discarded;

   * according to Bush, this has nothing to do with me or the content,
     so we estimate that about 5/12 of all non-subscriber messages have
     been silently discarded;

   * in the past three months, there have been about 100 legitimate
     messages from other people who Bush labelled as non-subscribers;

   * so we estimate that, in the last three months, Bush has silently
     discarded about 71 legitimate messages from other people. That's a
     rate of hundreds per year.

Bush doesn't say ``Your message didn't go through.'' Bush doesn't say
``Reply to this bounce to confirm your original message.'' He simply
throws the message away.

This is supposed to be the mailing list for an open IETF working group.
It's outrageous that valid messages are being silently discarded---even
if the number is not as large as hundreds per year.
(Continue reading)

Permalink | Reply | 57 comments |
headers
Heinrich Mendelssohn | 26 Nov 12:53
Picon
Favicon

Re: Your friend's DNS

It seems that CH, the ccTLD for Switzerland, was listed as non-existant
during a few hours on Monday November 25, 2002 by A.ROOT-SERVERS.NET, as     
well as all the other ROOT-SERVERS.NET servers I checked.
I noticed the problem as suddenly a lot of .ch domains became
unresolvable and e-mails started to bounce...

The CH ccTLD was relisted again by A.ROOT-SERVERS.NET at about 14:55 GMT 
on November 25.       
Did anyone this, or know what happened ?  A human error at VeriSign ?
Have other ccTLDs been affected ?

Just curious,
Heinrich Mendelssohn

--
to unsubscribe send a message to namedroppers-request <at> ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
Permalink | Reply | 3 comments |
headers
David Frascone | 26 Nov 13:13
Favicon
Gravatar

Re: namedroppers mismanagement, continued

[ post by non-subscriber.  with the massive amount of spam, it is easy to
  miss and therefore delete mis-posts.  so fix subscription addresses! ]

Why not simply subscribe and resend?

As a maintainer of several lists, I can confirm what a royal pain it is to
deal with people posting from non-subscribed addresses.  I usually get 1-2 a
week as I'm sorting through the 10-15 SPAMs a day.  I'm sure I mistakenly
reject many of them.

Just my $.02 worth,

-Dave

On Tuesday, 26 Nov 2002, D. J. Bernstein wrote:
> I've sent twelve messages to the namedroppers mailing list this month.
> Five of them have been silently discarded by the namedroppers censor,
> Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous
> incidents.)
> 
> Bush says that the only relevant feature of my messages is that they're
> sent from an address that isn't subscribed to namedroppers. Okay, boys
> and girls, let's look at some statistics:
> 
>    * 5/12 of my messages have been silently discarded;
> 
>    * according to Bush, this has nothing to do with me or the content,
>      so we estimate that about 5/12 of all non-subscriber messages have
>      been silently discarded;
>
(Continue reading)

Permalink | Reply | 26 comments |
headers
Joe Baptista | 26 Nov 15:34

Re: namedroppers mismanagement, continued


Bernstein - I'm not surprised this is happening.  I've experimented with
your dns daemon and it is by far superior to the existing bind
implimentations.  So I'm frankly not very surprised Bush don't like your
posts.  But I will admit the behaviour is juvenile.  But again this should
not surprise us.

But to end this on a positive note - let me make clear I admire your work.

regards
joe baptista

On 26 Nov 2002, D. J. Bernstein wrote:

> I've sent twelve messages to the namedroppers mailing list this month.
> Five of them have been silently discarded by the namedroppers censor,
> Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous
> incidents.)
>
> Bush says that the only relevant feature of my messages is that they're
> sent from an address that isn't subscribed to namedroppers. Okay, boys
> and girls, let's look at some statistics:
>
>    * 5/12 of my messages have been silently discarded;
>
>    * according to Bush, this has nothing to do with me or the content,
>      so we estimate that about 5/12 of all non-subscriber messages have
>      been silently discarded;
>
>    * in the past three months, there have been about 100 legitimate
(Continue reading)

Permalink | Reply | 2 comments |
headers
Keith Moore | 26 Nov 15:39
Picon

Re: namedroppers mismanagement, continued

> I've sent twelve messages to the namedroppers mailing list this month.
> Five of them have been silently discarded by the namedroppers censor,
> Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous
> incidents.)

in my experience, if you send mail to the list administrator
and say "please add user <at> example.com as an address that is allowed
to post to this list", the problem goes away - for that list.

and no, I don't think that one should have to "say the secret magic words"
to make the right thing happen.    but it does seem to work in practice.

Keith

--
to unsubscribe send a message to namedroppers-request <at> ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
Permalink | Reply | 0 comments |
headers
Hallam-Baker, Phillip | 26 Nov 16:01
Picon
Favicon

RE: namedroppers mismanagement, continued

I can't say that I am the worlds greatest Randy Bush fan, but he
does not appear to be behaving in the manner indicated.

I strongly suspect that the cause of this problem is more likely 
to be found in Bersnsteins obnoxious qsecretary program which 
requests repeated confirmation of emails sent to Bernstein.

The obvious solution to this problem would be to subscribe the 
address to namedroppers and then use the majordomo option to 
stop sending the messages.

		Phill

> -----Original Message-----
> From: D. J. Bernstein [mailto:djb <at> cr.yp.to]
> Sent: Tuesday, November 26, 2002 6:50 AM
> To: ietf <at> ietf.org
> Cc: iesg <at> ietf.org; namedroppers <at> ops.ietf.org
> Subject: namedroppers mismanagement, continued
> 
> 
> [ post by non-subscriber.  with the massive amount of spam, 
> it is easy to
>   miss and therefore delete mis-posts.  your subscription address is
>   54830374684695-namedroppers <at> sublist.cr.yp.to, please post from it or
>   fix subscription your subscription address! ]
> 
> I've sent twelve messages to the namedroppers mailing list this month.
> Five of them have been silently discarded by the namedroppers censor,
> Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous
(Continue reading)

Permalink | Reply | 0 comments |
headers
Paul Vixie | 26 Nov 16:27

Re: Your friend's DNS

> It seems that CH, the ccTLD for Switzerland, was listed as non-existant
> during a few hours on Monday November 25, 2002 by A.ROOT-SERVERS.NET, as     
> well as all the other ROOT-SERVERS.NET servers I checked.

while i share your alarm that the data was missing, i am both relieved and
gratified that it was consistently missing.  all of the root servers offer
the same data all the time, subject only to axfr delays and soa parameters.

--
to unsubscribe send a message to namedroppers-request <at> ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
Permalink | Reply | 0 comments |
headers
Kare Presttun | 26 Nov 16:27

Is this correct behavior?

Dear list readers!

I decided to dig into a mail bouncing problem and found
some behavior of two of the .no ccTLD servers that made
me wonder what is correct. Otlined below:

 From time to time I get a notice that a mail to me has bounced with
a notice saying:
 > -----Opprinnelig melding-----
 > Fra: postmaster <at> imail.oslonett.no
[mailto:postmaster <at> imail.oslonett.no]
 > Sendt: 21. november 2002 00:26
 > Til: < address deleted by me>
 > Emne: Undeliverable Mail
 >
 > Unknown host: Kare <at> Presttun.org
 >

Or like this one from Securityfocus:

<Kare <at> presttun.org>: Name service error for mail.securityfocus.com:
Host not    found, try again

\--45AD4A3131.1036699892/outgoing.securityfocus.com

So I decided to dig into it. Using the Squish service at:
http://www.squish.net/dnscheck/ I get error messages on
two of the .no nameservers (Outsourced to UltraDNS
who bought the customers from Nominum) namely
not.norid.no and njet.norid.no. Asking one of the gtld
(Continue reading)

Permalink | Reply | 5 comments |
headers
Matt Larson | 26 Nov 17:13
Picon
Favicon

Re: Your friend's DNS

Heinrich Mendelssohn wrote:
> It seems that CH, the ccTLD for Switzerland, was listed as
> non-existant during a few hours on Monday November 25, 2002 by
> A.ROOT-SERVERS.NET, as well as all the other ROOT-SERVERS.NET servers
> I checked. I noticed the problem as suddenly a lot of .ch domains
> became unresolvable and e-mails started to bounce...
>
> The CH ccTLD was relisted again by A.ROOT-SERVERS.NET at about 14:55
> GMT on November 25.
> Did anyone this, or know what happened ?  A human error at VeriSign ?
> Have other ccTLDs been affected ?

There have been no changes to the .ch delegation in the root zone since
October 22, 2002.  I verified this in the database from which the zone
is produced, as well as the resulting root zone files.  Did you save the
output of the query or note the serial number of the root zone that was
affected?

Did you use dig for this query?  You might have been burned by dig
assuming that "ch" meant the CHAOS class.  For example, the version of
dig that I have lying around (9.1.3) assumes that "dig
@a.root-servers.net ch ns" is a query for ./CHAOS/NS.  On the other
hand, adding a period after the TLD (dig @a.root-servers.net ch. ns)
performs the desired query for CH/IN/NS.  Could that have been what you
saw?

Matt
--
Matt Larson <mlarson <at> verisign.com>
VeriSign Global Registry Services
(Continue reading)

Permalink | Reply | 2 comments |

Gmane