bit off topic, but might make a few people laugh
Aleksandar Milivojevic
amilivojevic at pbl.ca
Tue Feb 22 16:08:47 UTC 2005
Paul Howarth wrote:
> What would you suggest they did instead of this?
Send NXDOMAIN.
> There has been a notice posted about the discontinuation of the ipwhois
> zone right at the top of the rfc-ignorant.org home page for months
> before the zone was stopped, and it's still there right now.
>
> Changing the NS records to point to localhost will not actually break
> anything but may result in log entries such as those you are seeing,
> which is people using your nameserver (who presumably you have some
> influence over) to look up entries in this zone. So is it possible for
> you to identify who is doing these lookups and point out to them the
> error of their ways?
The assumption you are making has little to do with reality. If you
were an ISP, it is possible that you have logging of "lame server"
resolving turned off. Too much junk. Almost all log parsing programs I
saw ignore "lame server resolving" messages by default (including
LogWatch distributed with most Linux distributions).
In reality, I'd say that 99% of people who theoretically have access to
those logs are not going to see those error messages at all (or are
simply going to "grep -v" them). 99% of those that actually saw them,
are not going to react. Mostly because they'll simply assume it is just
another misconfigured server out there (correct assumption, BTW).
I'd be really surprised to see any significant reduction in number of
queries they are getting as a result of this "lame server" configuration
they made. I have the latest update of SpamAssassin installed on my
home FC2 installation. Did anybody bother to make a new updated package
for SpamAssassin that doesn't query the now defunct service? Nope. Has
anybody bothered to report it as a bug in bugzilla? Nope. That much
about how many people noticed those "lame server" messages in log files.
> By way of comparison, consider what the operator of the "monkeys.com"
> open proxy list did (this was a very popular list btw). After publicly
[snip]
> working, he set up the zone so that *every* IP address was listed.
> Suffice it to say that this got the attention of lots of people (but not
> all of the people still using it, strangely), but those people were less
> than happy!
Yeah, I saw that happen with more than one such service. Those were
examples of ultimate stupidity on behalf of owners of discontinued service.
If you are going to host that kind of database you should be prepared to
be queried for a long time after the service is discontinued. Most people
using it were not aware of the fact that they were using it in the
first place. They simply installed a program such as SpamAssassin.
Reaction of such average user could be: Me using rfc-ignorant? Nope,
don't think so. I'm using SpamAssassin instead. Oh, SpamAssassin is
using rfc-ignorant by default? Well, surprise to me.
An alternative would be to get a new top-level domain for the service (for
example, ipwhois-rfc-ignorant.com) and let root servers generate
NXDOMAIN once the service is discontinued (and domain deleted). Probably
not a nice thing to do IMO (although root servers have enough bandwidth and
CPU power to handle it).
Third alternative would be to send "the air is clean" response with huge
TTL (one year comes to mind) to each query until you see reduction in
number of queries. This is most likely the most network friendly
solution (since these "the air is clean" responses will be cached for
a long time on numerous name servers around the globe, and they are not
going to break anything, or cause damage to anybody). This is
probably the approach I would take if the network bandwidth those queries are
using becomes a concern to me. Of course, in this case your service had
to be designed to send for example 127.0.0.1 when entry is not in the
database (instead of NXDOMAIN as some of the services are doing).
As a conclusion. If somebody wants to provide similar service to the
community, you don't simply go head first into it (as most people are
doing it). You need to plan well ahead, and have understanding of what
is going to happen once you discontinue the service and how to do it.
When such a day arrives that you need to turn off the service, you don't
want to create hard to fix damage to you. Nor do you want to create hard
to fix damage to the community. And this simple thing is something
overlooked too often by well meaning individuals and organizations
providing such services.
You know that proverb "road to hell is paved with good intentions".
Very appropriate in this case.
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the fedora-list
mailing list
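
Added example, not part of the original message: a mail administrator's check that tells apart the shutdown behaviours discussed above (lame delegation, everything listed, nothing listed) by probing the conventional DNSBL test entries, where 127.0.0.2 is listed and 127.0.0.1 is not. It assumes a list that answers NXDOMAIN for unlisted addresses; the zone names and resolver outcomes in `SAMPLE` are constructed, and the function names are hypothetical.

```python
import socket

def query_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def live_lookup(name):
    """One A lookup via the system resolver: 'listed', 'nxdomain' or 'error'."""
    try:
        socket.gethostbyname(name)
        return "listed"
    except socket.gaierror as exc:
        # Assumption: the platform reports a missing name as EAI_NONAME and
        # SERVFAIL or timeouts (e.g. a lame delegation) as some other code.
        return "nxdomain" if exc.errno == socket.EAI_NONAME else "error"
    except OSError:
        return "error"

def classify(zone, lookup=live_lookup):
    """Probe the two conventional test entries and name the zone's state."""
    clean = lookup(query_name("127.0.0.1", zone))  # must NOT be listed
    test = lookup(query_name("127.0.0.2", zone))   # must be listed
    if "error" in (clean, test):
        return "unreachable"       # lame delegation, SERVFAIL, timeout
    if clean == "listed" and test == "listed":
        return "lists-everything"  # every message would be flagged
    if clean == "nxdomain" and test == "nxdomain":
        return "empty"             # answers, but lists nothing any more
    if test == "listed":
        return "healthy"
    return "inconsistent"          # 127.0.0.1 listed, 127.0.0.2 not

# Constructed resolver outcomes for hypothetical zones (no network needed).
SAMPLE = {
    "ok.dnsbl.example":   {"1.0.0.127": "nxdomain", "2.0.0.127": "listed"},
    "lame.dnsbl.example": {"1.0.0.127": "error",    "2.0.0.127": "error"},
    "all.dnsbl.example":  {"1.0.0.127": "listed",   "2.0.0.127": "listed"},
    "gone.dnsbl.example": {"1.0.0.127": "nxdomain", "2.0.0.127": "nxdomain"},
}

def sample_lookup(name):
    """Stand-in for live_lookup that reads the constructed table above."""
    *octets, zone = name.split(".", 4)
    return SAMPLE[zone][".".join(octets)]

def audit(zones, lookup=live_lookup):
    """Zones a mail filter should stop querying, mapped to the reason."""
    return {z: s for z in zones if (s := classify(z, lookup)) != "healthy"}
```

Run `audit()` from cron over the zones your filter is configured to query, so a discontinued list shows up as a report line instead of depending on someone reading "lame server" log entries.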