From: Jon Lewis (no email)
Date: Sun Feb 04 2007 - 17:49:46 EST
On Mon, 5 Feb 2007, Simon Lyall wrote:
> On Thu, 1 Feb 2007, Jay Hennigan wrote:
>> Set up a nameserver there. Configure it to return 127.0.0.2 (or
>> whatever the old MAPS reply for "spam" was) to all queries. Let it run
>> for a week. See if anything changes in terms of it getting hammered.
>
> Well I've seen some RBLs do this with about 2 days notice. Perhaps a
> special value could be defined ( 127.255.255.255 ? ) to tell users that
> the DNSBL is no longer in operation and shouldn't be used, standard
> software can then raise an error or whatever.
That doesn't help get the old/unwatched installations to stop sending
queries. It's been established that regardless of what you return, those
installations will continue querying the dead BL. That's why I think
your best/only option is to attempt to misdirect them by pointing NS at
. or unreachable space...effectively giving them someplace harmless to
send their queries or to fail them without even having to send them.
Killing the parent domain is an option too, but that only pushes the
problem onto someone else's plate (the TLD servers).
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
|
|
|