Iljitsch van Beijnum wrote:
<snip>
|
| My argument was (is) that having RFC 1918 routes or packets escape
| doesn't add additional problems on top of the fundamental problem that
| routes or packets with the wrong addresses get out. Letting out wrong
| (non-RFC 1918) addresses hurts the legitimate holder of those addresses.
| With RFC 1918 addresses this isn't a problem.

In the DNS case this is incorrect. What happens is that you get a UDP packet with a return addr of 10.0.0.1, and not only don't you know what to do with it, so you have to throw it away, but you can be sure of getting the *same* query again, and again, and again, presumably from the *same* client who can't figure out why the reply isn't coming back.
This happens in many protocols which are (contrary to popular belief) deployed on the Internet today.
|
| I don't think another 10% load on the root nameservers is a huge deal,
| so I wouldn't use the word "harmful" but I guess this is a special case
Again. You'll have to ask the operators of the root-zone if they consider 11-14% a big deal. Maybe some of them are listening....
| I read a report that only 2% of the hits on the root servers is both
| legitimate and useful anyway.

From the presentation I refer to, which unfortunately is in Swedish but you can probably read the numbers anyway... :
http://www.iis.se/Internetdagarna/2003/23-robust-dns/id03-23-lars-johanliman.pdf
this is clearly not the case. The rfc1918-queries constitute the bulk of bad queries ("DUMMA frågor" on page 4 of the presentation). I must however confess ignorance as to what queries are 'useful'. Presumably even the rfc1918-queries were deemed useful for someone since they were sent in the first place.
Cheers
Leif