From Mohsen.Souissi at nic.fr  Thu Nov 13 17:06:14 2003
From: Mohsen.Souissi at nic.fr (Mohsen Souissi)
Date: Thu, 13 Nov 2003 17:06:14 +0100
Subject: [dns-wg] "adding IPv6 glue to root zone" document
In-Reply-To: <20031020132834.GL20204@rvdp.org>; from Ronald.vanderPol@rvdp.org on Mon, Oct 20, 2003 at 03:28:34PM +0200
References: <20031020132834.GL20204@rvdp.org>
Message-ID: <20031113170614.E5113@kerkenna.nic.fr>

Hi,

Thanks very much for that document. It is very useful for the
community.

I have only 2 comments concerning Appendix A:

1) Among the 39 mentioned name servers, why are there duplicates (same
names with the same addresses, see for example d.dns.jp (3 times) or
ns.nic.ir (2 times) ?

2) As far as I know, the IPv4-mapped IPv6 addresses are irrelevant in
this context (see *.dotdm.net and *.netdns.com), do these name servers
have regular (2001 or 3ffe) IPv6 addresses ?

On the other hand, I would like to share with you the following
document which focuses on DNS response size calculation (from root
servers) and name compression for TLDs with IPv6 taken into account. A
part of the document sections deal with the general case, so they can
apply to any TLD. The remaining sections contain calculations for .FR
and may be easily extended to any other TLD. If you have any comment,
suggestion or correction, don't hesitate to send them to:
ipv6tech at nic.fr.

Please find the document at:

http://w6.nic.fr/dnsv6/dns-resp-size-and-name-compression

Regards,

Mohsen.

On 20 Oct, Ronald van der Pol wrote:
| At RIPE 46 we presented measurements about the effects of adding
| IPv6 glue to the root zone.
|
| As promised, we made more measurements and have written a document:
| http://www.nlnetlabs.nl/ipv6/publications/v6rootglue.pdf
|
| rvdp

From Ronald.vanderPol at rvdp.org  Fri Nov 14 17:29:45 2003
From: Ronald.vanderPol at rvdp.org (Ronald van der Pol)
Date: Fri, 14 Nov 2003 17:29:45 +0100
Subject: [dns-wg] "adding IPv6 glue to root zone" document
In-Reply-To: <20031113170614.E5113@kerkenna.nic.fr>
References: <20031020132834.GL20204@rvdp.org> <20031113170614.E5113@kerkenna.nic.fr>
Message-ID: <20031114162945.GA13702@rvdp.org>

On Thu, Nov 13, 2003 at 17:06:14 +0100, Mohsen Souissi wrote:

> Hi,
>
> Thanks very much for that document. It is very useful for the
> community.
>
> I have only 2 comments concerning Appendix A:

Thanks for your comments.

> 1) Among the 39 mentioned name servers, why are there duplicates (same
> names with the same addresses, see for example d.dns.jp (3 times) or
> ns.nic.ir (2 times) ?

Oops. Seems like I forgot a uniq(1). The result with respect to drops
still stands, but the 39 figure is actually less.

> 2) As far as I know, the IPv4-mapped IPv6 addresses are irrelevant in
> this context (see *.dotdm.net and *.netdns.com), do these name servers
> have regular (2001 or 3ffe) IPv6 addresses ?

We queried the auth nameservers for those. They only report mapped
addresses, no global addresses. Why are these mapped addresses irrelevant
in this context? They show up in the additional section.

> On the other hand, I would like to share with you the following
> document which focuses on DNS response size calculation (from root
> servers) and name compression for TLDs with IPv6 taken into account. A
> part of the document sections deal with the general case, so they can
> apply to any TLD. The remaining sections contain calculations for .FR
> and may be easily extended to any other TLD. If you have any comment,
> suggestion or correction, don't hesitate to send them to:
> ipv6tech at nic.fr.
>
> Please find the document at:
>
> http://w6.nic.fr/dnsv6/dns-resp-size-and-name-compression

I will have a look at it.

	rvdp

From Mohsen.Souissi at nic.fr  Fri Nov 14 18:30:27 2003
From: Mohsen.Souissi at nic.fr (Mohsen Souissi)
Date: Fri, 14 Nov 2003 18:30:27 +0100
Subject: [dns-wg] "adding IPv6 glue to root zone" document
In-Reply-To: <20031114162945.GA13702@rvdp.org>; from Ronald.vanderPol@rvdp.org on Fri, Nov 14, 2003 at 05:29:45PM +0100
References: <20031020132834.GL20204@rvdp.org> <20031113170614.E5113@kerkenna.nic.fr> <20031114162945.GA13702@rvdp.org>
Message-ID: <20031114183027.P7947@kerkenna.nic.fr>

On 14 Nov, Ronald van der Pol wrote:
| On Thu, Nov 13, 2003 at 17:06:14 +0100, Mohsen Souissi wrote:
|
| > Hi,
| >
| > Thanks very much for that document. It is very useful for the
| > community.
| >
| > I have only 2 comments concerning Appendix A:
|
| Thanks for your comments.
|
| > 1) Among the 39 mentioned name servers, why are there duplicates (same
| > names with the same addresses, see for example d.dns.jp (3 times) or
| > ns.nic.ir (2 times) ?
|
| Oops. Seems like I forgot a uniq(1). The result with respect to drops
| still stands, but the 39 figure is actually less.
|
| > 2) As far as I know, the IPv4-mapped IPv6 addresses are irrelevant in
| > this context (see *.dotdm.net and *.netdns.com), do these name servers
| > have regular (2001 or 3ffe) IPv6 addresses ?
|
| We queried the auth nameservers for those. They only report mapped
| addresses, no global addresses. Why are these mapped addresses irrelevant
| in this context? They show up in the additional section.

==> Hmmm... Can you reach them? ;-) I can't ! Going back to a
discussion which took place 2 years ago on dnsop mailing-list, I found
the following thread:

http://www.cafax.se/dnsop/maillist/2001-09/msg00021.html

Hope that helps...

Mohsen.
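
The two Appendix A points raised in this thread, duplicate entries and IPv4-mapped AAAA addresses, can be checked mechanically. The following is an added example, not part of any message in this archive or of the document under discussion; the server names and addresses are constructed, and `classify` and `audit_glue` are hypothetical helper names.

```python
import ipaddress
from collections import Counter

# Constructed sample standing in for a name server / AAAA list such as the
# Appendix A discussed in the thread. Names are made up; addresses use
# documentation ranges or invented values.
SAMPLE_GLUE = [
    ("d.ns.example.", "2001:db8::53"),
    ("d.ns.example.", "2001:db8::53"),
    ("D.NS.example.", "2001:0db8:0:0:0:0:0:53"),  # same record, other spelling
    ("ns.nic.example.", "3ffe:ffff::1"),
    ("ns.nic.example.", "3FFE:FFFF::1"),
    ("ns1.mapped.example.", "::ffff:192.0.2.10"),
    ("ns2.mapped.example.", "::ffff:192.0.2.11"),
]

NET_2001 = ipaddress.ip_network("2001::/16")
NET_3FFE = ipaddress.ip_network("3ffe::/16")  # 6bone test prefix


def classify(addr):
    """Return the category of one parsed IPv6 address."""
    if addr.ipv4_mapped is not None:  # inside ::ffff:0:0/96
        return "ipv4-mapped"
    if addr in NET_2001:
        return "2001"
    if addr in NET_3FFE:
        return "3ffe"
    return "other"


def audit_glue(records):
    """Deduplicate (name, AAAA) pairs and classify the unique addresses.

    Parsing before comparing catches duplicates that a textual uniq(1)
    would miss: differing letter case and differing zero compression.
    """
    unique = {}
    duplicates = 0
    for name, text in records:
        key = (name.lower().rstrip("."), ipaddress.IPv6Address(text))
        if key in unique:
            duplicates += 1
        else:
            unique[key] = classify(key[1])
    mapped = sorted(n for (n, _), cls in unique.items() if cls == "ipv4-mapped")
    return {"unique": len(unique), "duplicates": duplicates,
            "by_class": dict(Counter(unique.values())), "mapped_names": mapped}


if __name__ == "__main__":
    print(audit_glue(SAMPLE_GLUE))
```
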
From Ronald.vanderPol at rvdp.org  Sun Nov 16 14:26:18 2003
From: Ronald.vanderPol at rvdp.org (Ronald van der Pol)
Date: Sun, 16 Nov 2003 14:26:18 +0100
Subject: [dns-wg] "adding IPv6 glue to root zone" document
In-Reply-To: <20031114183027.P7947@kerkenna.nic.fr>
References: <20031020132834.GL20204@rvdp.org> <20031113170614.E5113@kerkenna.nic.fr> <20031114162945.GA13702@rvdp.org> <20031114183027.P7947@kerkenna.nic.fr>
Message-ID: <20031116132618.GA25827@rvdp.org>

On Fri, Nov 14, 2003 at 18:30:27 +0100, Mohsen Souissi wrote:

> ==> Hmmm... Can you reach them? ;-) I can't ! Going back to a
> discussion which took place 2 years ago on dnsop mailing-list, I found
> the following thread:
>
> http://www.cafax.se/dnsop/maillist/2001-09/msg00021.html

I guess we are not on the same frequency yet. All I am saying is
that those mapped addresses are in DNS now. So, they are inserted into
the additional section and may cause drops. I agree with you that it
is quite useless (and even harmful) to put them in DNS.

Are we in sync again?

	rvdp

From Mohsen.Souissi at nic.fr  Mon Nov 17 09:15:31 2003
From: Mohsen.Souissi at nic.fr (Mohsen Souissi)
Date: Mon, 17 Nov 2003 09:15:31 +0100
Subject: [dns-wg] "adding IPv6 glue to root zone" document
In-Reply-To: <20031116132618.GA25827@rvdp.org>; from Ronald.vanderPol@rvdp.org on Sun, Nov 16, 2003 at 02:26:18PM +0100
References: <20031020132834.GL20204@rvdp.org> <20031113170614.E5113@kerkenna.nic.fr> <20031114162945.GA13702@rvdp.org> <20031114183027.P7947@kerkenna.nic.fr> <20031116132618.GA25827@rvdp.org>
Message-ID: <20031117091531.A16773@kerkenna.nic.fr>

On 16 Nov, Ronald van der Pol wrote:
| On Fri, Nov 14, 2003 at 18:30:27 +0100, Mohsen Souissi wrote:
|
| > ==> Hmmm... Can you reach them? ;-) I can't ! Going back to a
| > discussion which took place 2 years ago on dnsop mailing-list, I found
| > the following thread:
| >
| > http://www.cafax.se/dnsop/maillist/2001-09/msg00021.html
|
| I guess we are not on the same frequency yet. All I am saying is
| that those mapped addresses are in DNS now. So, they are inserted into
| the additional section and may cause drops. I agree with you that it
| is quite useless (and even harmful) to put them in DNS.
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

==> That's why I was talking about relevance of these addresses in my
first message :-) On my turn, I agree with you can put any IPv6
address in the DNS provided that it is correctly formatted.

| Are we in sync again?

==> Yes we are!

Mohsen.

From use.signature.ripe at awot.fi  Thu Nov 27 16:55:56 2003
From: use.signature.ripe at awot.fi (use.signature.ripe at awot.fi)
Date: Thu, 27 Nov 2003 17:55:56 +0200 (EET)
Subject: [dns-wg] rMX and rDNS together make spamming more difficult ?
Message-ID: <377fd6dcb0bd382808505557ef70dad83fc63b3b@mhs>

My idea is check senders (MTA's) ip and privileges to use smtp, not
using protocol headers or other content filtering method. My idea is
control connection (ip) using reverse dns lookup database, not dns
lookup. My proposal include also method to handle roaming mta.

Mail sending is done from ip, not from domain.

Reverse dns is mostly controlled by operators and "big companies", so
we have less players as in domain structure and I believe that it is
easier to make "operator blacklist" as domains.

This idea is simple (too simple to be true ? That I'm asking) to add
every access control level : firewall, proxies, filters, wrappers,
smtp servers, ...

Proposal rMX using rDNS:
http://www.awot.fi/sf/browser/showfile?cust=awkoulutus&subdir=dns&doc=reverse_mx

I'm waiting feedback, have I missed something ?

-jukka-
Jukka do.t Inkeri at Awot do.t Fi

From use.signature.ripe at awot.fi  Thu Nov 27 17:17:02 2003
From: use.signature.ripe at awot.fi (use.signature.ripe at awot.fi)
Date: Thu, 27 Nov 2003 18:17:02 +0200 (EET)
Subject: [dns-wg] rMX and rDNS together make spamming more difficult ?
Message-ID: <5c768ea4388ef192a1d857982a2a9c863fc6402d@mhs>

27 Nov 2003

I got mail, which include hint to look MTAmark.

So look also MTAmark draft
http://www.space.net/~maex/draft-irtf-asrg-mtamark-00.txt

-jukka-
Jukka do.t Inkeri at Awot do.t Fi

From jorgen at hovland.cx  Thu Nov 27 17:25:02 2003
From: jorgen at hovland.cx (Jørgen Hovland)
Date: Thu, 27 Nov 2003 16:25:02 -0000
Subject: [dns-wg] rMX and rDNS together make spamming more difficult ?
References: <377fd6dcb0bd382808505557ef70dad83fc63b3b@mhs>
Message-ID: <013d01c3b503$02d2bac0$7e18c389@macs.hw.ac.uk>

Hi

Feedback:
Your idea sounds just like any other blacklisting, except for that you
want to deny anybody by default instead and add the ones you want to
accept. That sounds like a huge project, maybe too huge. What would you
really want to accept on your list? There are countries allowing spam,
and there are countries partly allowing it. I do not want to block the
"legal" spam. Would you add "legally" spamming companies?

Spammers using compromised systems to spam is another thing. That sure
is one annoying problem...

I do not think you have the general solution, and I don't have any
ideas for one either. But keep it brainstorming!

Best regards,
Joergen Hovland

If you want to know how we try to stop spam:
We are currently handling spam by blocking all known dialups/dhcp
ranges. On top of that we block entire countries (or all countries
except for the ones on the list) per emailaccount decided by the
customer. This blocking is based on the IP-address of the
remote-mailserver trying to send us the email. My own email blocks
every country except UK, Netherlands, USA and Scandinavia.

----- Original Message -----
From:
To:
Sent: Thursday, November 27, 2003 3:55 PM
Subject: [dns-wg] rMX and rDNS together make spamming more difficult ?

> My idea is check senders (MTA's) ip and privileges to use smtp, not using protocol headers or other content filtering method. My idea is control connection (ip) using reverse dns lookup database, not dns lookup. My proposal include also method to handle roaming mta.
>
> Mail sending is done from ip, not from domain.
>
> Reverse dns is mostly controlled by operators and "big companies", so we have less players as in domain structure and I believe that it is easier to make "operator blacklist" as domains.
>
> This idea is simple (too simple to be true ? That I'm asking) to add every access control level : firewall, proxies, filters, wrappers, smtp servers, ...
>
> Proposal rMX using rDNS:
> http://www.awot.fi/sf/browser/showfile?cust=awkoulutus&subdir=dns&doc=reverse_mx
>
> I'm waiting feedback, have I missed something ?
>
> -jukka-
> Jukka do.t Inkeri at Awot do.t Fi
>

From jim at rfc1035.com  Thu Nov 27 17:27:50 2003
From: jim at rfc1035.com (Jim Reid)
Date: Thu, 27 Nov 2003 16:27:50 +0000
Subject: [dns-wg] Agenda for RIPE47
Message-ID: <16509.1069950470@gromit.rfc1035.com>

You are all invited to suggest agenda items and presentations for the
WG Agenda at the next meeting. Please let your chairs know what you'd
like discussed at RIPE47.

From jim at rfc1035.com  Thu Nov 27 17:32:20 2003
From: jim at rfc1035.com (Jim Reid)
Date: Thu, 27 Nov 2003 16:32:20 +0000
Subject: [dns-wg] rMX and rDNS together make spamming more difficult ?
In-Reply-To: Your message of "Thu, 27 Nov 2003 17:55:56 +0200." <377fd6dcb0bd382808505557ef70dad83fc63b3b@mhs>
Message-ID: <16527.1069950740@gromit.rfc1035.com>

>> My idea is check senders (MTA's) ip and privileges to use
>> smtp, not using protocol headers or other content filtering
>> method. My idea is control connection (ip) using reverse dns
>> lookup database, not dns lookup.

I'm confused. How do you propose to use the reverse DNS database
without doing a DNS lookup? Please explain.

Oh, and please use a real email address on this list. IIRC postings
are only permitted from list members which means the list should be
spam-free.
Putting garbage in the From: header is not appreciated.

From use.signature.ripe at awot.fi  Fri Nov 28 06:57:33 2003
From: use.signature.ripe at awot.fi (use.signature.ripe at awot.fi)
Date: Fri, 28 Nov 2003 07:57:33 +0200 (EET)
Subject: [SPAM] Re: [dns-wg] rMX and rDNS together make spamming more difficult ?
Message-ID: <329de9b29fde6c1c1a7533ea676d3ece3fc70077@mhs>

Jaap Akkerhuis wrote:
> I'm waiting feedback, have I missed something ?
>
> Probably. The dns-wg is about dns, not about anti-spam. Maybe you
> should take your ideas to the antispam group first.
>

I think that is very limited thinking. If we all only think that I
only care my sandbox then we have this kind of problem. It was one of
RIPE's person said after I was published this idea in an antispamlist
that maybe also open discuss on dns-wg list ...

Maybe he saw that this kind of co-operate is needed to build more
rules to take care of that our nets works in future. I hate rules. But
we need rules, because Internet is not any more that nice environment
what it was ex. on 90's. Some people think that net is free place to do
and TRY everything. Somebody must take care build more rules that
those who like to use net like it has planned, build something to take
care it.

Why dns-wg ? Because if we (operator, ISP,...) like to build better
working net, we need dns help also in this kind of solution. And my
ideas (and MTAmark) need in-addr.arpa domains updating. That the
reason why I published my idea also in this forum.

And only (except Jørgen) feedback what I have got is something like is
this correct forum, why you don't use your real email, or why write my
email some stupid format on ... but I have not yet got any real
feedback where has analyze base idea. Is that possible that it give
some more than current methods ?

So most feedbacks has been personal, no need to send maillist and
cause noise. If some mail not belongs some maillist, simplest way is
say nothing. Then it's only one line ...

My idea give possibilities to limit acceptable mta's, not stop. But if
somebody server like to make selection to accept connection only from
in in-addr-arpa. domain registered mta's, then it can do it. Selection
is server privilege. And if you like to send mail to that server, you
must use registered mta. So it is one more tool to smtp rule stack.

Or are you saying that everything is okay, we have no risk that
something crash ? Ex. if Finlands biggest operator route smtp packet
even 5 weeks, our network is okay ? This is true in year 2003.

-jukka-

From paf at cisco.com  Fri Nov 28 07:02:34 2003
From: paf at cisco.com (Patrik Fältström)
Date: Fri, 28 Nov 2003 07:02:34 +0100
Subject: [SPAM] Re: [dns-wg] rMX and rDNS together make spamming more difficult ?
In-Reply-To: <329de9b29fde6c1c1a7533ea676d3ece3fc70077@mhs>
References: <329de9b29fde6c1c1a7533ea676d3ece3fc70077@mhs>
Message-ID: <75B576D8-2168-11D8-A94E-000A959CF516@cisco.com>

On 2003-11-28, at 06.57, use.signature.ripe at awot.fi wrote:

>> Probably. The dns-wg is about dns, not about anti-spam. Maybe you
>> should take your ideas to the antispam group first.
>>
> I think that is very limited thinking. If we all only think that I
> only care my sandbox then we have this kind of problem. It was one of
> RIPE's person said after I was published this idea in an antispamlist
> that maybe also open discuss on dns-wg list ...

What Jaap is saying is that the DNS wg is dealing with DNS issues, and
the RMX one is definitely not a DNS issue. The DNS part of RMX is
simple, and works. The impact on SMTP, and potentially what RMX helps
with etc must be discussed with SMTP people, not DNS people.

Of course, the membership of such groups (DNS and SMTP) is overlapping,
BUT, we need to try to make sure things are discussed in the correct
forum.

> Why dns-wg ? Because if we (operator, ISP,...) like to build better
> working net, we need dns help also in this kind of solution. And my
> ideas (and MTAmark) need in-addr.arpa domains updating. That the
> reason why I published my idea also in this forum.

Correct, and DNS issues and rules are to be discussed here. Including a
rule which says "one should always have RMX records if one has MX" is
such a potential rule.

   paf

From jaap at sidn.nl  Thu Nov 27 21:45:01 2003
From: jaap at sidn.nl (Jaap Akkerhuis)
Date: Thu, 27 Nov 2003 21:45:01 +0100
Subject: [dns-wg] rMX and rDNS together make spamming more difficult ?
In-Reply-To: Your message of Thu, 27 Nov 2003 17:55:56 +0200. <377fd6dcb0bd382808505557ef70dad83fc63b3b@mhs>
Message-ID: <200311272045.hARKj1rP049823@bartok.sidn.nl>

    I'm waiting feedback, have I missed something ?

Probably. The dns-wg is about dns, not about anti-spam. Maybe you
should take your ideas to the antispam group first.

	jaap