bit off topic, but might make few people laugh

Aleksandar Milivojevic amilivojevic at pbl.ca
Tue Feb 22 16:08:47 UTC 2005


Paul Howarth wrote:
> What would you suggest they did instead of this?

Send NXDOMAIN.

> There has been a notice posted about the discontinuation of the ipwhois
> zone right at the top of the rfc-ignorant.org home page for months
> before the zone was stopped, and it's still there right now.
> 
> Changing the NS records to point to localhost will not actually break
> anything but may result in log entries such as those you are seeing,
> which is people using your nameserver (who presumably you have some
> influence over) to look up entries in this zone. So is it possible for
> you to identify who is doing these lookups and point out to them the
> error of their ways?

The assumption you are making has little to do with reality.  If you 
were an ISP, it is possible that you have logging of "lame server" 
resolving turned off.  Too much junk.  Almost all log parsing programs I 
saw ignore "lame server resolving" messages by default (including 
LogWatch distributed with most Linux distributions).

In reality, I'd say that 99% of people who theoretically have access to 
those logs are not going to see those error messages at all (or are 
simply going to "grep -v" them).  99% of those that actually saw them, 
are not going to react.  Mostly because they'll simply assume it is just 
another misconfigured server out there (correct assumption, BTW).

I'd be really surprised to see any significant reduction in number of 
queries they are getting as a result of this "lame server" configuration 
they made.  I have the latest update of SpamAssassin installed on my 
home FC2 installation.  Did anybody bother to make a new updated package 
for SpamAssassin that doesn't query the now defunct service?  Nope.  Has 
anybody bothered to report it as a bug in bugzilla?  Nope.  That much 
about how many people noticed those "lame server" messages in log files.

> By way of comparison, consider what the operator of the "monkeys.com"
> open proxy list did (this was a very popular list btw). After publicly
[snip]
> working, he set up the zone so that *every* IP address was listed.
> Suffice it to say that this got the attention of lots of people (but not
> all of the people still using it, strangely), but those people were less
> than happy!

Yeah, I saw that happen with more than one such service.  Those were 
examples of ultimate stupidity on behalf of owners of discontinued service.

If you are going to host that kind of database you should be prepared to 
be queried for long time after service is discontinued.  Most people 
using it were not aware about the fact that they were using it in the 
first place.  They simply installed a program such as SpamAssassin. 
Reaction of such average user could be: Me using rfc-ignorant?  Nope, 
don't think so.  I'm using SpamAssassin instead.  Oh, SpamAssassin is 
using rfc-ignorant by default?  Well, surprise to me.

An alternative would be to get new top-level domain for the service (for 
example, ipwhois-rfc-ignorant.com) and let root servers generate 
NXDOMAIN once the service is discontinued (and domain deleted).  Probably 
not nice thing to do IMO (although root servers have enough bandwidth and 
CPU power to handle it).

Third alternative would be to send "the air is clean" response with huge 
TTL (one year comes to mind) to each query until you see reduction in 
number of queries.  This is most likely the most network friendly 
solution (since this "the air is clean" responses will be cached for 
long time on numerous name servers around the globe, and they are not 
going to break anything, or cause a damage to anybody).  This is 
probably the approach I would take if network bandwidth those queries are 
making becomes concern to me.  Of course, in this case your service had 
to be designed to send for example 127.0.0.1 when entry is not in the 
database (instead of NXDOMAIN as some of the services are doing).

As a conclusion.  If somebody wants to provide similar service to the 
community, you don't simply go head first into it (as most people are 
doing it).  You need to plan well ahead, and have understanding of what 
is going to happen once you discontinue the service and how to do it. 
When such a day arrives that you need to turn off the service, you don't 
want to create hard to fix damage to you.  Nor do you want to create hard 
to fix damage to community.  And this simple thing is something 
overlooked too often by well meaning individuals and organizations 
providing such services.

You know that proverb "road to hell is paved with good intentions". 
Very appropriate in this case.

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
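
Added example, not part of the original message: a health check a mail administrator could run against each configured DNSBL to catch the shutdown modes discussed in this thread (lame delegation, NXDOMAIN for everything, every address listed). It assumes the zone follows the RFC 5782 test points (127.0.0.2 listed, 127.0.0.1 not listed); `check_zone`, `fake_lookup` and the zone `dnsbl.example` are hypothetical names, and the sample behaviours are constructed.

```python
import socket

def dnsbl_name(ip, zone):
    """DNSBL query name: reversed IPv4 octets followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_lookup(name):
    """Live lookup via the system resolver: 'listed', 'nxdomain' or 'error'."""
    try:
        socket.gethostbyname(name)
        return "listed"  # any A record counts; the value is not inspected
    except socket.gaierror as exc:
        # EAI_NONAME: name does not exist. Other codes (SERVFAIL, timeout) are failures.
        return "nxdomain" if exc.errno == socket.EAI_NONAME else "error"
    except OSError:
        return "error"

def check_zone(zone, lookup=system_lookup):
    """Classify a DNSBL zone from its two RFC 5782 test points."""
    must_list = lookup(dnsbl_name("127.0.0.2", zone))   # test entry, should be listed
    must_not = lookup(dnsbl_name("127.0.0.1", zone))    # should never be listed
    if "error" in (must_list, must_not):
        return "unreachable"        # e.g. lame delegation, as with NS -> localhost
    if must_list == "listed" and must_not == "listed":
        return "lists-everything"   # wildcard shutdown: every sender looks listed
    if must_list == "nxdomain" and must_not == "nxdomain":
        return "empty"              # zone gone or answering NXDOMAIN for everything
    if must_list == "listed":
        return "healthy"
    return "inconsistent"

def fake_lookup(behaviour):
    """Constructed resolver for offline runs; behaviour names are made up here."""
    def lookup(name):
        if behaviour == "wildcard":
            return "listed"
        if behaviour == "gone":
            return "nxdomain"
        if behaviour == "lame":
            return "error"
        return "listed" if name.startswith("2.0.0.127.") else "nxdomain"
    return lookup

if __name__ == "__main__":
    for behaviour in ("normal", "wildcard", "gone", "lame"):
        # dnsbl.example is a placeholder zone, not a real list
        print(behaviour, "->", check_zone("dnsbl.example", fake_lookup(behaviour)))
```

Because only the presence of an A record is checked, a zone that answers "not listed" with an address such as 127.0.0.1 (the scheme mentioned in the message) will report as `lists-everything`; such a zone needs a value comparison instead.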



