F means filtered ?

Judd writes:

Paul A Vixie wrote:

Yes, I do. I have no opinion on whether spammers should or should not be
able to reach any given root name server, including "mine", but for the time
being I lack the hardware needed to firewall f.root-servers.net differently
than I do the rest of my network.

Perhaps someone else should be running f.root-servers.net then.

And the reason for that would be?

It's not like failing to reach f.root-servers.net will deny service
to anyone (you try g, h, a, b... if you can't get through).
If this were more widely deployed to more of them that might
be cause for some complaint by the spammers that they were
being discriminated against. But one of the 15 or so being
unavailable to... let's see, counting it up it looks like around
12 class C sized nets and 4 individual host machines is barely a
statistical blip. In the worst case, DNS lookups at those sites
take twice as long in 1 in 15 cases, and much less in practice
if their lookup software has any brains and stops querrying
roots it doesn't get responses from.

On the other hand, not having a real root server at the site
where the currently standard DNS software is being developed
would have obvious disadvantages for everyone on the net,
spammers included, as it would make the test/qualification/
bug resolution cycle much less coordinated.

Please explain why this is in reality enough of a problem for
anyone: spammers, the whole net, anyone... that it is worth
further time on the list...

-george william herbert

Sigh.. the point is that we have 9 (or so) root servers right now. All of
those can be counted on to provide name service for anybody for anything,
assuming of course that the network is okay. When someone starts blocking
certain sites' access, then we basically have 8 servers. Sooner or later,
someone else will decide to start blocking. Then we'll have 7. And so
on, until everyone has to use different root servers.

If you claim to be a root server with data for everyone, you should damn
well provide that data to everyone. Otherwise, you have no right to pose
as one of the root servers.


Judd Bourgeois PGP key ID 0xEDC21CA1
shagboy@world.std.com 25DDE4AF C5AFEF51 6905DC77 360F0387
To all my friends - It's not the end
The earth has not swallowed me yet - 311, "Freak Out"

Look, I think y'all are morons.

  1) if someone floods Paul's network, does that not make the
F root server unusuable to *everyone* ? why doesn't anyone pat him on
the back for taking defensive measures to protect a public resource?
Oh yeah, you know, your public library has locks on the doors, right?
Oh shit, better go take the locks off, the books are public resources,
everyone is supposed to have access!

  2) the volume of networks that Paul blocks is SO DAMN TINY,
I mean, it's infinitesimal, why are so many people wasting so much time
making so much noise about it?

  shut up and get back to business.