> Why cant these deadshits just drop the DNS entries rather than piss > off the rest of the world?
How else are said "deadshits" supposed to encourage people to remove their stale DNS RBL configs?
It is perfectly logical that the "deadshits" would want to do something so that they do not continue to be bombarded with DNS queries from different deadshits that have not removed ORDB from their RBL config.
> I already stated what they could do in my original post which of course > you selectively did not quote, it is afterall what 99% of all other > defunct RBLs have done over the years.
On 3/25/2008 4:53 PM, Res wrote:
>> why cant these deadshits just drop the DNS entries
Ok, let's make sure that we understand each other. You are wanting the deadshits to drop the DNS query traffic for their now defunct RBL, correct?
(Presuming yes.)
A simple TCPDump (tcpdump -xXnNi eth0 -s 0 host 87.51.32.6) while querying (nslookup 127.0.0.2.relays.ordb.org 87.51.32.6) will shed some light on the subject.
So based on this I'm going to say that the DNS query is 85 bytes. I'm also going to say that the DNS reply is 202 bytes. (I'm not taking into account that we will be sending things in 64 byte segments on Ethernet so these numbers will possibly even be low.)
> Yet another mob of clueless f'wits running an RBL > why cant these deadshits just drop the DNS entries rather than piss off
...
Considering that the DNSBL closed in December 2006 and that someone is still using them, exactly what else do you expect them to do? The only people they're "pissing off" are those who after 15 months didn't have the sense to remove the checks against that DNSBL. Seems to me as if you're among the clueless ones.
> So based on this I'm going to say that the DNS query is 85 bytes. > I'm also going to say that the DNS reply is 202 bytes. (I'm not > taking in to account that we will be sending things in 64 byte > segments on Ethernet so these numbers will possibly even be low.)
According to ISO, there are 246 country codes.
For the sake of this discussion, let's say that each country code will send one query per second. That means that there will be 167+ kbps of inbound DNS (query) traffic until everyone decides to update their RBL list. That translates to 1.8+ GB of traffic a day or 54.1+ GB of traffic a month of inbound DNS queries per day for a service that is now defunct. It is very likely that this traffic will very slowly taper off over a very long time.
Let's consider the reply traffic. The reply traffic will be 397+ kbps of outbound DNS (reply) traffic. This translates to 4.2+ GB of traffic a day or 128.8+ GB of traffic a month of outbound DNS replies per day for a service that is now defunct.
So if we combine the inbound queries and outbound replies, ORDB will have 564+ kbps of DNS traffic. This translates to 6.1+ GB of traffic a day or 183+ GB of traffic a month of DNS traffic for a service that is now defunct.
So, would you rather drop 54.1 GB of traffic a month for the next however many months (open ended until everyone removes relays.ordb.org from their config) or would you rather have 183 GB of traffic for one month. I will even go so far as to say that you will not even have a full 183 GB of traffic because you have done something to ensure that people will react to what you did within a matter of days.
You play with the numbers and see what you would want to do long term if you were facing this amount of traffic. Just imagine what it would be like if the rate of queries was higher than one per country code per second...
Res <r...@ausics.net> wrote:
> On Tue, 25 Mar 2008, Grant Taylor wrote:
> > On 03/25/08 16:53, Res wrote:
> >> Why cant these deadshits just drop the DNS entries rather than piss off
> >> the rest of the world?
> > How else are said "deadshits" suppose to encourage people to remove their > > stale DNS RBL configs?
> > It is perfectly logical that the "deadshits" would want to do something so > > that they do not continue to be bombarded with DNS queries from different > > deadshits that have not removed ORDB from their RBL config.
> I already stated what they could do in my original post which of course > you selectively did not quote, it is afterall what 99% of all other > defunct RBLs have done over the years.
And both your recommendation and your claim about 99% of other defunct "RBL's" (RBL is not a generic term used by anyone with half a clue) demonstrate that you don't know what you're talking about. To not be simply a liar, you'd have to identify at least 400 defunct DNSBL's...
There's a big problem with shutting down a high-volume DNS zone, in that the queries keep coming. Imbeciles (like anyone still querying ORDB) keep pounding away and if the zone wasn't planned out for termination from the start, there's a good chance that there are no good options for harmless shutdown. http://www.ietf.org/internet-drafts/draft-irtf-asrg-bcp-blacklists-01... discusses this, as did the prior version. The issues have been discussed at length on the ASRG list and in other spam-focused fora and people who have tried to do the right things (which DO NOT include pushing the problem upstream to the gTLD roots) have not reported promising results from doing so.
ORDB was very public about their shutdown. Anyone running a mail server still using them now deserves a long closed-door meeting with The Boss and HR and a big guy from Security with a large cardboard box. Letting a mail server sit that way for 15 months doing pointless DNS queries on every message is a demonstration of incompetence.
(and no, I do not have much sympathy for anyone who set up a mail filtering system thinking it didn't need regular adjustment. Some flavors of ignorance require concrete lessons to overcome. )
Does anyone know if ORDB changed the IP address of the name servers for the "relays.ordb.org" query (sub)domain to Test-Net IPs like suggested prior to using "collateral damage" as they are now doing?
Further, does anyone know if ORDB changed what queries resolved to prior to changing the name servers to Test-Net IPs?
If ORDB did follow the BCP guidelines and then switched to collateral damage I personally don't fault them for trying to get people to clean up their config(s).
> If ORDB did follow the BCP guidelines and then switched to collateral > damage I personally don't fault them for trying to get people to > clean up their config(s).
One thing that ORDB has not done is to put a web page in place (re)stating that the DNSBL is shut down and that they are changing their practices, which I think they should have done. I can understand shutting down the website for the past 6 - 9 months. However I (my opinion) think they should have at least put something simple up indicating their new policy change.
> On 03/26/08 02:09, Grant Taylor wrote: > > If ORDB did follow the BCP guidelines and then switched to collateral > > damage I personally don't fault them for trying to get people to > > clean up their config(s).
> One thing that ORDB has not done is to put a web page in place > (re)stating that the DNSBL is shut down and that they are changing their > practices, which I think they should have done. I can understand > shutting down the website for the past 6 - 9 months. However I (my > opinion) think they should have at least put something simple up > indicating their new policy change.
I found that their policy statement of "going out of business" in December 2006 was sufficient. 15 months was more than enough time.
> > On 03/26/08 02:09, Grant Taylor wrote: > > > If ORDB did follow the BCP guidelines and then switched to collateral > > > damage I personally don't fault them for trying to get people to > > > clean up their config(s).
> > One thing that ORDB has not done is to put a web page in place > > (re)stating that the DNSBL is shut down and that they are changing their > > practices, which I think they should have done. I can understand > > shutting down the website for the past 6 - 9 months. However I (my > > opinion) think they should have at least put something simple up > > indicating their new policy change.
> I found that their policy statement of "going out of business" in December > 2006 was sufficient. 15 months was more than enough time.
I work as a contract tech. So a lot of the companies I deal with do not have their own IT person that can sit on their @ss all day and read tech forums about the latest thing to happen in the tech world. Some of us are out there doing real work and cannot follow every company that we have under our, belts stupid entries in some firewall smtp proxy. This shit took a real business down for a couple hours before I could figure out exactly what was happening. Just drop the DNS entry for relays.ordb.org or point it to some benign IP that no one gives a flying F&*%&* about. Remember not everyone has the time to keep up with this stuff. Or to know all the settings in every firewall and every server that we are responsible for. In my opinion and it's just that anyone working in an environment with less than 100 computers and 10 servers is not really working.
> > On 03/26/08 02:09, Grant Taylor wrote: > > > If ORDB did follow the BCP guidelines and then switched to collateral > > > damage I personally don't fault them for trying to get people to > > > clean up their config(s).
> > One thing that ORDB has not done is to put a web page in place > > (re)stating that the DNSBL is shut down and that they are changing their > > practices, which I think they should have done. I can understand > > shutting down the website for the past 6 - 9 months. However I (my > > opinion) think they should have at least put something simple up > > indicating their new policy change.
> I found that their policy statement of "going out of business" in December > 2006 was sufficient. 15 months was more than enough time.
=I work as a contract tech. So alot of the companies I deal with do =not have there own IT person that can sit on their @ss all day and =read tech forums about the latest thing to happen in the tech world. =Some of us are out there doing real work and can not follow every =company that we have under our, belts stupid entries in some firewall =smtp proxy. This shit took a real business down for a couple hours =before I could figure out exactly what was happening. Just drop the =DNS entry for relays.ordb.org or point it to some benign IP that no =one gives a flying F&*%&* about. Remember not everyone has the time =to keep up with this stuff. Or to know all the settings in every firewall and =every server that we are responsible for. In my opinion and its just that =anyone working in an environment with less than 100 computers and 10 =servers is not really working.
Well, excuse me. I haven't worked in the IT industry for over a decade (but in the tax industry), and I still knew. Now, I found out a week after it went down (still in December 2006) - because I bother to occasionally check with services that I use to make certain they're still running. Did I wait for someone else to report on it? No.
As a professional that is employed in IT, I don't see what you're saying as a valid excuse. Every profession has things happening in it, and every professional is expected to keep up. It seems to me that this change is within the scope of your responsibilities as it did affect at least one of your clients. If that's too much for you, perhaps a career change is in order....
As for them simply dropping the DNS entry, etc., that's exactly what they've been doing for the past 15 months, but they noticed that some people were still trying to use the service. All of us COMPETENT people took care of the problem at the end of 2006 or during 2007.
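The periodic check described in the post above (confirming that a DNSBL you query is still running) can be scripted. This is an added example, not part of the original thread: it uses the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not) and scans a Postfix-style config for zones that fail. The zone names other than relays.ordb.org, the sample config and the stand-in resolver are constructed for illustration.

```python
import ipaddress
import re
import socket

TEST_LISTED = "127.0.0.2"      # RFC 5782 test entry: a working IPv4 DNSBL lists it
TEST_NOT_LISTED = "127.0.0.1"  # RFC 5782: a working DNSBL never lists this one

_NO_NAME = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
_RBL_CLIENT = re.compile(r"reject_rbl_client\s+([A-Za-z0-9.-]+)")


def query_name(ip, zone):
    """DNSBL query name: address octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolve(name):
    """A records for name via the system resolver; [] means no such name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno in _NO_NAME:
            return []
        # Simplification: every other resolver failure is treated as a timeout.
        raise TimeoutError(name) from exc
    return sorted({info[4][0] for info in infos})


def check_zone(zone, resolve=system_resolve):
    """Classify a DNSBL zone from its answers for the two test addresses."""
    try:
        listed = resolve(query_name(TEST_LISTED, zone))
        not_listed = resolve(query_name(TEST_NOT_LISTED, zone))
    except TimeoutError:
        return "unreachable"        # each mail transaction waits on a DNS timeout
    if not_listed:
        return "lists-everything"   # wildcard answer: all mail will be rejected
    if not listed:
        return "no-test-entry"      # zone emptied or shut down
    return "ok"


def audit_postfix(config_text, resolve=system_resolve):
    """Return (line_no, zone, verdict) for every active reject_rbl_client
    entry whose zone does not check out as "ok"."""
    verdicts = {}
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):   # whole-line comment
            continue
        for zone in _RBL_CLIENT.findall(line):
            if zone not in verdicts:
                verdicts[zone] = check_zone(zone, resolve)
            if verdicts[zone] != "ok":
                findings.append((line_no, zone, verdicts[zone]))
    return findings


# Constructed sample config; only relays.ordb.org is a zone named in the thread.
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client bl.example.net,
    reject_rbl_client relays.ordb.org,
    # reject_rbl_client old.example.org
    reject_rbl_client gone.example.org
"""


def sample_resolve(name):
    """Constructed stand-in for DNS so the example runs offline."""
    if name.endswith(".relays.ordb.org"):
        return ["127.0.0.2"]        # wildcard: every address comes back listed
    if name == "2.0.0.127.bl.example.net":
        return ["127.0.0.2"]        # healthy list: only the test entry answers
    if name.endswith(".slow.example.org"):
        raise TimeoutError(name)    # name servers that no longer respond
    return []                       # anything else: no such name


if __name__ == "__main__":
    for line_no, zone, verdict in audit_postfix(SAMPLE_MAIN_CF, sample_resolve):
        print(f"line {line_no}: remove {zone} ({verdict})")
```

Run from cron with the default resolver against the real config file; any output means a list has gone away or changed behaviour and the entry should be removed.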
> > > On 03/26/08 02:09, Grant Taylor wrote: > > > > If ORDB did follow the BCP guidelines and then switched to collateral > > > > damage I personally don't fault them for trying to get people to > > > > clean up their config(s).
> > > One thing that ORDB has not done is to put a web page in place > > > (re)stating that the DNSBL is shut down and that they are changing their > > > practices, which I think they should have done. I can understand > > > shutting down the website for the past 6 - 9 months. However I (my > > > opinion) think they should have at least put something simple up > > > indicating their new policy change.
> > I found that their policy statement of "going out of business" in December > > 2006 was sufficient. 15 months was more than enough time.
> =I work as a contract tech. So alot of the companies I deal with do
> =not have there own IT person that can sit on their @ss all day and
> =read tech forums about the latest thing to happen in the tech world.
> =Some of us are out there doing real work and can not follow every
> =company that we have under our, belts stupid entries in some firewall
> =smtp proxy. This shit took a real business down for a couple hours
> =before I could figure out exactly what was happening. Just drop the
> =DNS entry for relays.ordb.org or point it to some benign IP that no
> =one gives a flying F&*%&* about. Remember not everyone has the time
> =to keep up with this stuff. Or to know all the settings in every firewall and
> =every server that we are responsible for. In my opinion and its just that
> =anyone working in an environment with less than 100 computers and 10
> =servers is not really working.
> Well, excuse me. I haven't worked in the IT industry for over a decade (but > in the tax industry), and I still knew. Now, I found out a week after it > went down (still in December 2006) - because I bother to occasionally check > with services that I use to make certain they're still running. Did I wait > for someone else to report on it? No.
> As a professional that is employed in IT, I don't see what you're saying as > a valid excuse. Every profession has things happening in it, and every > professional is expected to keep up. It seems to me that this change is > within the scope of your responsibilities as it did affect at least one of > your clients. If that's too much for you, perhaps a career change is in > order....
> As for them simply dropping the DNS entry, etc., that's exactly what they've > been doing for the past 15 months, but they noticed that some people were > still trying to use the service. All of us COMPETENT people took care of > the problem at the end of 2006 or during 2007.
Sorry if I offended you. I had a bad day. It was a new client that I didn't even know used blacklist databases on their firewall. As far as the competent part goes I never receive any complaints from my clients, which is around 75 different companies, about the service that they receive and in the IT world that speaks for itself.
> As for them simply dropping the DNS entry, etc., that's exactly what they've > been doing for the past 15 months, but they noticed that some people were > still trying to use the service.
Were they dropping the requests at their name server or had they removed all NS and glue A record from their domain registration before?
The resource lost for the latter option wouldn't be their problem at all. Especially when you don't do anything with the domain.
> D. Stussy <s...@bde-arc.ampr.org> wrote: > > As for them simply dropping the DNS entry, etc., that's exactly what they've > > been doing for the past 15 months, but they noticed that some people were > > still trying to use the service.
> Were they droping the requests at their name server or had they removed > all NS and glue A record from their domain registration before?
> The resource lost for the later option wouldn't be their problem at all. > Especially when you don't do anything with the domain.
I'd have to say that they didn't remove their DNS entries from their registration.
Domain ID:D72422737-LROR
Domain Name:ORDB.ORG
Created On:11-Jun-2001 12:35:51 UTC
Last Updated On:12-Jan-2007 10:52:44 UTC
Expiration Date:11-Jun-2016 12:35:51 UTC
...
Name Server:AUTH02.NS.TELE.DK
Name Server:KOALA.DROSO.DK
Name Server:NS1.ORDB.MOENSTED.DK
Name Server:NS2.ORDB.MOENSTED.DK
> zone "ordb.org" {
>     type master;
>     file "empty";
>     notify no;
> };
> if they dont want dns hits, they wont get any :)
What about the traffic coming to their server looking for the ordb.org zone? That would still continue for years to come.
If all you do is drop the traffic as early as possible, you are still dropping traffic that is still coming to you. Whereas if you do something to cause people to want to not query you, the traffic will drop off sharply in short order.
Res <r...@ausics.net> wrote:
> huh? that entry you would put in your DNS's, as in an ISP/Telco DNS's,
> couldnt care less about theirs, if they dont have the bandwith thats
> their problem, they knew the risks involved before starting up.
Oh. Great. Because one's too f***ing stupid to maintain one's mailserver he's going to tinker with other peoples zones in his DNS setup. Yeah, that's the way to go. As it shows the same clue-level regarding email and DNS.
l33t solution. Go and post this to every phpBB.
Clemens.
--
/"\  http://czauner.onlineloop.com/
\ /  ASCII RIBBON CAMPAIGN
 X   AGAINST HTML MAIL
/ \  AND POSTINGS
> I guess some people just don't have a clue about the contracting > world. There are many companies out there that only call when they > have a problem or just have a contract computer company come in for a > couple hours every now in then to check stuff out. Just because these > companies don't have a full time IT person or a budget that allows > them to, doesn't mean they deserve to have their company's e-mail > taken down because people decide to be idiots. Really, honestly, is > it to much to ask have them make some changes to their DNS. They took > on the responsibility of hosting this service they should respect that > responsibility and do the right thing. Imagine how much money was > spent on troubleshooting this problem around the nation. I know that > Astaro had to release a patch for it.
Question(s):
- How do you get people that are querying a dead system to stop querying it?
- How many months / years should someone pay for a service bandwidth for a service that has been dead for 14+ months? 2 years? Longer?
- How long are you willing to pay to host 50 GB of traffic a month for a service that is dead?
- What would you do that is different than what ORDB has done?
> For all you negative nancys, oh how nice it would be to sit back and > throw jabs and act like you know what the hell you are talking about > on a little forum. I can pretty much guarantee you that I solve more > problems in 1 week then most of you will solve in a year. Thats the > one thing I hate about this field is all the arrogant a-holes that act > like they know everything. I hate to tell you this but if you think > you everything about computers and networks you don't have a clue.
Rather than throwing jabs yourself, how about throwing down some information for discussion? Please answer the above questions. Please persuade me ("show me the light" if you will) why and / or how what ORDB did was wrong and explain what you would have done different. Will your solution hold up now, 1 month from now, 1 year from now, 5 years from now? Would you still be willing to pay for the resources for your defunct service 5 or 10 years from now?
> This is exactly the point, the entire domain is moot, removing the > name servers from zone, setting thme to 127.0.0.1, dropping the zone > sicne they dont want it, it has no use these days. It has no A > records, www has no A records, it has no MX record, but yet they > still have records to block everyone querrying *.relays.ordb.org > petty absolutely fucking petty.
For the sake of the on going discussion please clarify what you want ORDB to do and where you would like them to do it.
Are you wanting ORDB to:
- Remove NS records for the relays.ordb.org sub-domain from the ordb.org zone?
- Set the A record referenced in the glue records for the relays.ordb.org sub-domain to 127.0.0.1?
- Remove all references to the relays.ordb.org sub-domain?
- Remove all ORDB zones?
- Set glue records with Tucows to 127.0.0.1?
- Remove the glue records with Tucows if possible?
> since your in the business of calling others, I'll call you, show me > the evidence they ar ehit with 50G a month
Fair enough. I will first say that I do not have any "evidence" per se (logs, reports, etc from ORDB), but I can run (what I believe to be) extremely conservative numbers to come up with the amount of traffic that their DNS servers would see.
From my second message you can see how I derived the size of queries and replies. Below are the formulas that I used to run the numbers.
I found that there were (approximately) 246 country codes. I'm going to presume that ORDB is receiving at least one query per second per country code. I feel confident that this is a very safe number to use.
Per my other posts, I found that a query is 85 bytes and a reply is 202 bytes, making a query and reply 287 bytes.
If we take the 85 (bytes per query) * 246 (country codes) is 20910 bytes per second or 20.9 kB per second of DNS query traffic.
If we take the 85 (bytes per query) * 246 (country codes) * 60 (second per minute) * 60 (minutes per hour) * 24 (hours per day) is 1806624000 bytes per day or 1806624 kB per day or 1806.6 MB per day or 1.8 GB per day of DNS query traffic.
If we take the 85 (bytes per query) * 246 (country codes) * 60 (second per minute) * 60 (minutes per hour) * 24 (hours per day) * 30 (days per month) is 54198720000 bytes per month or 54198720 kB per month or 54198.7 MB per month or 54.1 GB per month of DNS query traffic.
If we use the same equations with the size of the reply and the size of the query and reply combined we get the following numbers:
DNS reply traffic
202 * 246 = 49692 B or 49.69 kB per second
202 * 246 * 60 * 60 * 24 = 4293388800 B or 4293388.8 kB or 4293.3 MB or 4.2 GB per day
202 * 246 * 60 * 60 * 24 * 30 = 128801664000 B or 128801664 kB or 128801.6 MB or 128.8 GB per month
Combined DNS query and reply traffic
287 * 246 = 70602 B or 70.6 kB per second
287 * 246 * 60 * 60 * 24 = 6100012800 B or 6100012.8 kB or 6100 MB or 6.1 GB per day
287 * 246 * 60 * 60 * 24 * 30 = 183000384000 B or 183000384 kB or 183000.3 MB or 183 GB per month
I think it is fairly obvious that this is a LOT of traffic that has to be absorbed by someone's DNS servers. What is worse is that this amount of traffic is very unlikely to taper off very fast at all if nothing is done to encourage people to stop querying the servers. Hence why I believe ORDB decided to switch to collateral damage after being closed for 14+ months all the while handling 183 GB (or more) traffic for a defunct service.
With these numbers in mind, let's see how what I believe you are wanting ORDB to do stacks up.
- Remove NS records for the relays.ordb.org sub-domain from the ordb.org zone?
Systems will still be querying the ordb.org zone for the sub-domain, thus the traffic numbers still apply. Adjust the size of queries and replies for the sizes of packets if need be. However this number will still be very large.
- Set the A record referenced in the glue records for the relays.ordb.org sub-domain to 127.0.0.1?
(same as above)
- Remove all references to the relays.ordb.org sub-domain?
(same as above)
- Remove all ORDB zones?
Systems will still query the ORDB zone name servers looking for records. Still very similar to above.
- Set glue records with Tucows to 127.0.0.1?
Root name servers will still receive traffic looking for the name servers for the ORDB zone.
- Remove the glue records with Tucows if possible?
Root name servers will still be queried.
What is worse with doing the above is that most of the systems that are still querying ORDB after being closed for 14+ months will continue to do so for quite a while to come. What incentive do all the companies like aoberlin is referring to have to bring someone in to correct the problem if at worst they have a DNS timeout per message passing through their system? How long do you think it will be before someone does remove ORDB from the config? I'm betting that ORDB will stay in the config until the system is replaced with something new, so most likely sometime within the next 5 years (give or take). What if someone copies the old config to the next system? How many new systems down the road will be able to use the old config file or .mc file? Let's say 3 generations with a 5 year life cycle. Now we are up to 11 years if we say the replacement cycle is every 3 years and we take off the 14 months that have passed. All this time will add up to a *LOT* of wasted bandwidth and $$$ because people do not update their config.
This is why I think it perfectly reasonable for ORDB to resort to some action that will ensure that people will want to update their config. ORDB has been defunct for 14+ months. Anyone that was going to update their config on their own accord has done so already. I'm willing to bet that a very large majority of systems that were querying ORDB a week ago are no longer querying ORDB. Let's just say that the number is cut by 10%. Here is a simple list of the number of queries per second for each week for the next 6 months:
If I run the numbers out with a 10% drop per week, all queries should be stopped by the 60 weeks. For the curious, if the number of queries per week is cut in half, within 13 weeks all queries should be stopped. Cut into a quarter and you are down to 7 weeks.
Compare the operational costs of doing this versus answering queries for the coming years.
news:2582e793-3ebf-41cc-ae5a-30844c2f2bdb@e39g2000hsf.googlegroups.com... For all you negative nancys, oh how nice it would be to sit back and throw jabs and act like you know what the hell you are talking about on a little forum. I can pretty much guarantee you that I solve more problems in 1 week then most of you will solve in a year. Thats the one thing I hate about this field is all the arrogant a-holes that act like they know everything. I hate to tell you this but if you think you everything about computers and networks you don't have a clue.
Maybe that's because some of us learn about such things and make changes BEFORE any problems arise.
I don't claim to know "everything" but I do keep up with services I actually use.
> > This is exactly the point, the entire domain is moot, removing the > > name servers from zone, setting thme to 127.0.0.1, dropping the zone > > sicne they dont want it, it has no use these days. It has no A > > records, www has no A records, it has no MX record, but yet they > > still have records to block everyone querrying *.relays.ordb.org > > petty absolutely fucking petty.
> For the sake of the on going discussion please clarify what you want > ORDB to do and where you would like them to do it.
> Are you wanting ORDB to: > - Remove NS records for therelays.ordb.orgsub-domain from the > ordb.org zone? > - Set the A record referenced in the glue records for therelays.ordb.orgsub-domain to 127.0.0.1? > - Remove all references to therelays.ordb.orgsub-domain? > - Remove all ORDB zones? > - Set glue records with Tucows to 127.0.0.1? > - Remove the glue records with Tucows if possible?
> > since your in the business of calling others, I'll call you, show me > > the evidence they ar ehit with 50G a month
> Fair enough. I will first say that I do not have any ""evidence per say > (logs, reports, etc from ORDB), but I can run (what I believe to be) > extremely conservative numbers to come up with the amount of traffic > that their DNS servers would see.
> From my second message you can see how I derived the size of queries > and replies. Below are the formulas that I used to run the numbers.
> I found that there were (approximately) 246 country codes. I'm going to > presume that ORDB is receiving at least one query per second per country > code. I feel confident that this is a very safe number to use.
> Per my other posts, I found that a query is 85 bytes and a reply is 202 > bytes, making a query and reply 287 bytes.
> If we take the 85 (bytes per query) * 246 (country codes) is 20910 bytes > per second or 20.9 kB per second of DNS query traffic.
> If we take the 85 (bytes per query) * 246 (country codes) * 60 (second > per minute) * 60 (minutes per hour) * 24 (hours per day) is 1806624000 > bytes per day or 1806624 kB per day or 1806.6 MB per day or 1.8 GB per > day of DNS query traffic.
> If we take the 85 (bytes per query) * 246 (country codes) * 60 (second > per minute) * 60 (minutes per hour) * 24 (hours per day) * 30 (days per > month) is 54198720000 bytes per month or 54198720 kB per month or > 54198.7 MB per month or 54.1 GB per month of DNS query traffic.
> If we use the same equations with the size of the reply and the size of > the query and reply combined we get the following numbers:
> DNS reply traffic > 202 * 246 = 49692 B or 49.69 kB per second > 202 * 246 * 60 * 60 * 24 = 4293388800 B or 4293388.8 kB or 4293.3 MB or > 4.2 GB per day > 202 * 246 * 60 * 60 * 24 * 30 = 128801664000 B or 128801664 kB or > 128801.6 MB or 128.8 GB per month
> Combined DNS query and reply traffic > 287 * 246 = 70602 B or 70.6 kB per second > 287 * 246 * 60 * 60 * 24 = 6100012800 B or 6100012.8 kB or 6100 MB or > 6.1 GB per day > 287 * 246 * 60 * 60 * 24 * 30 = 183000384000 B or 183000384 kB or > 183000.3 MB or 183 GB per month
> I think it is fairly obvious that this is a LOT of traffic that has to > be absorbed by someone's DNS servers. What is worse is that this amount > of traffic is very unlikely to taper off very fast at all if nothing is > done to encourage people to stop querying the servers. Hence why I > believe ORDB decided to switch to collateral damage after being closed > for 14+ months all the wile handling 183 GB (or more) traffic for a > defunct service.
> With these numbers in mind, let's see how what I believe you are wanting > ORDB to do stacks up.
> - Remove NS records for therelays.ordb.orgsub-domain from the > ordb.org zone?
> Systems will still be querying the ordb.org zone for the sub-domain, > thus the traffic numbers still apply. Adjust the size of queries and > replies for the sizes of packets if need be. However this number will > still be very large.
> - Set the A record referenced in the glue records for therelays.ordb.orgsub-domain to 127.0.0.1?
> (same as above)
> - Remove all references to therelays.ordb.orgsub-domain?
> (same as above)
> - Remove all ORDB zones?
> Systems will still query the ORDB zone name servers looking for > records. Still very similar to above.
> - Set glue records with Tucows to 127.0.0.1?
> Root name servers will still receive traffic looking for the name > servers for the ORDB zone.
> - Remove the glue records with Tucows if possible?
> Root name servers will still be queried.
> What is worse with doing the above is that most of the systems that are still querying ORDB after being closed for 14+ months will continue to do so for quite a while to come. What incentive do all the companies like aoberlin is referring to have to bring someone in to correct the problem if at worst they have a DNS timeout per message passing through their system? How long do you think it will be before someone does remove ORDB from the config? I'm betting that ORDB will stay in the config until the system is replaced with something new, so most likely sometime within the next 5 years (give or take). What if someone copies the old config to the next system? How many new systems down the road will be able to use the old config file or .mc file? Let's say 3 generations with a 5 year life cycle. Now we are up to 11 years if we say the replacement cycle is every 3 years and we take off the 14 months that have passed. All this time will add up to a *LOT* of wasted bandwidth and $$$ because people do not update their config.
> This is why I think it perfectly reasonable for ORDB to resort to some action that will ensure that people will want to update their config. ORDB has been defunct for 14+ months. Anyone that was going to update their config on their own accord has done so already. I'm willing to bet that a very large majority of systems that were querying ORDB a week ago are no longer querying ORDB. Let's just say that the number is cut by 10%. Here is a simple list of the number of queries per second for each week for the next 6 months:
> If I run the numbers out with a 10% drop per week, all queries should be stopped by the 60 weeks. For the curious, if the number of queries per week is cut in half, within 13 weeks all queries should be stopped. Cut in to a quarter and you are down to 7 weeks.
> Compare the operational costs of doing this versus answering queries for the coming years.
> > This is exactly the point, the entire domain is moot, removing the name servers from zone, setting them to 127.0.0.1, dropping the zone since they don't want it, it has no use these days. It has no A records, www has no A records, it has no MX record, but yet they still have records to block everyone querying *.relays.ordb.org petty absolutely fucking petty.
> For the sake of the ongoing discussion please clarify what you want ORDB to do and where you would like them to do it.
> Are you wanting ORDB to:
> - Remove NS records for the relays.ordb.org sub-domain from the ordb.org zone?
> - Set the A record referenced in the glue records for the relays.ordb.org sub-domain to 127.0.0.1?
> - Remove all references to the relays.ordb.org sub-domain?
> - Remove all ORDB zones?
> - Set glue records with Tucows to 127.0.0.1?
> - Remove the glue records with Tucows if possible?
> > since you're in the business of calling others, I'll call you, show me the evidence they are hit with 50G a month
> Fair enough. I will first say that I do not have any "evidence" per se (logs, reports, etc from ORDB), but I can run (what I believe to be) extremely conservative numbers to come up with the amount of traffic that their DNS servers would see.
> From my second message you can see how I derived the size of queries and replies. Below are the formulas that I used to run the numbers.
> I found that there were (approximately) 246 country codes. I'm going to presume that ORDB is receiving at least one query per second per country code. I feel confident that this is a very safe number to use.
> Per my other posts, I found that a query is 85 bytes and a reply is 202 bytes, making a query and reply 287 bytes.
> If we take the 85 (bytes per query) * 246 (country codes) is 20910 bytes per second or 20.9 kB per second of DNS query traffic.
> If we take the 85 (bytes per query) * 246 (country codes) * 60 (seconds per minute) * 60 (minutes per hour) * 24 (hours per day) is 1806624000 bytes per day or 1806624 kB per day or 1806.6 MB per day or 1.8 GB per day of DNS query traffic.
> If we take the 85 (bytes per query) * 246 (country codes) * 60 (seconds per minute) * 60 (minutes per hour) * 24 (hours per day) * 30 (days per month) is 54198720000 bytes per month or 54198720 kB per month or 54198.7 MB per month or 54.1 GB per month of DNS query traffic.
> If we use the same equations with the size of the reply and the size of the query and reply combined we get the following numbers:
> DNS reply traffic
> 202 * 246 = 49692 B or 49.69 kB per second
> 202 * 246 * 60 * 60 * 24 = 4293388800 B or 4293388.8 kB or 4293.3 MB or 4.2 GB per day
> 202 * 246 * 60 * 60 * 24 * 30 = 128801664000 B or 128801664 kB or 128801.6 MB or 128.8 GB per month
> Combined DNS query and reply traffic
> 287 * 246 = 70602 B or 70.6 kB per second
> 287 * 246 * 60 * 60 * 24 = 6100012800 B or 6100012.8 kB or 6100 MB or 6.1 GB per day
> 287 * 246 * 60 * 60 * 24 * 30 = 183000384000 B or 183000384 kB or 183000.3 MB or 183 GB per month
> I think it is fairly obvious that this is a LOT of traffic that has to be absorbed by someone's DNS servers. What is worse is that this amount of traffic is very unlikely to taper off very fast at all if nothing is done to encourage people to stop querying the servers. Hence why I believe ORDB decided to switch to collateral damage after being closed for 14+ months all the while handling 183 GB (or more) traffic for a defunct service.
> With these numbers in mind, let's see how what I believe you are wanting ORDB to do stacks up.
> - Remove NS records for the relays.ordb.org sub-domain from the ordb.org zone?
> Systems will still be querying the ordb.org zone for the sub-domain, thus the traffic numbers still apply. Adjust the size of queries and replies for the sizes of packets if need be. However this number will still be very large.
> - Set the A record referenced in the glue records for the relays.ordb.org sub-domain to 127.0.0.1?
> (same as above)
> - Remove all references to the relays.ordb.org sub-domain?
> (same as above)
> - Remove all ORDB zones?
> Systems will still query the ORDB zone name servers looking for records. Still very similar to above.
> - Set glue records with Tucows to 127.0.0.1?
> Root name servers will still receive traffic looking for the name servers for the ORDB zone.
> - Remove the glue records with Tucows if possible?
> Root name servers will still be queried.
> What is worse with doing the above is that most of the systems that are still querying ORDB after being closed for 14+ months will continue to do so for quite a while to come. What incentive do all the companies like aoberlin is referring to have to bring someone in to correct the problem if at worst they have a DNS timeout per message passing through their system? How long do you think it will be before someone does remove ORDB from the config? I'm betting that ORDB will stay in the config until the system is replaced with something new, so most likely sometime within the next 5 years (give or take). What if someone copies the old config to the next system? How many new systems down the road will be able to use the old config file or .mc file? Let's say 3 generations with a 5 year life cycle. Now we are up to 11 years if we say the replacement cycle is every 3 years and we take off the 14 months that have passed. All this time will add up to a *LOT* of wasted bandwidth and $$$ because people do not update their config.
> This is why I think it perfectly reasonable for ORDB to resort to some action that will ensure that people will want to update their config. ORDB has been defunct for 14+ months. Anyone that was going to update their config on their own accord has done so already. I'm willing to bet that a very large majority of systems that were querying ORDB a week ago are no longer querying ORDB. Let's just say that the number is cut by 10%. Here is a simple list of the number of queries per second for each week for the next 6 months:
> If I run the numbers out with a 10% drop per week, all queries should be stopped by the 60 weeks. For the curious, if the number of queries per week is cut in half, within 13 weeks all queries should be stopped. Cut in to a quarter and you are down to 7 weeks.
> Compare the operational costs of doing this versus answering queries for the coming years.
> Grant. . . .
Grant I like your style. I would say drop the whole domain. Since they gambled and lost, the whole ordb zone should no longer exist. Yes there would still be queries but there are millions of queries a day for zones that do not exist. Not a big deal. It would be like saying we need to take every satellite out of space that is no longer in service, because some day we will run out of room.
But with that said you make a valid argument and back it up with some cool stats. And I would have to say I am less pissed about the situation.
See this is the kind of reasoning I can understand. Not the "you're an idiot for not reading about this 2 years ago."
> Grant I like your style. I would say drop the whole domain. Since they gambled and lost, the whole ordb zone should no longer exist. Yes there would still be queries but there are millions of queries a day for zones that do not exist. Not a big deal. It would be like saying we need to take every satellite out of space that is no longer in service, because some day we will run out of room.
I'm curious, how do you think ORDB gambled and lost? The way I see it, the spam industry has changed and ORDB was simply outdated. I don't think it was a contest to see which anti spam method was better. (Sure there are purportedly friendly rivalries to be the best, but we are all working for the same goal.) Granted the battles between the spam fighters and spammers can get a little heated.
The idea of dropping the domain seems a bit problematic to me. To start with, I'm not sure if it is even possible to cancel a domain (with or without requesting a refund). I think you have to let it expire. Seeing as how the ordb.org domain is registered through June 11th, 2016, it will be a while before it expires. Then there is also the fact that there is a chance that people will still be querying it at that point in time. So what happens to the poor sap that registers the recycled domain after that time? They will be inundated with the remaining queries.
With regards to the satellites in space, we are already running into a layer of junk. (Maybe we can get it to stop some of the UV rays for us seeing as how the ozone is being depleted by man and planet.) Likewise the load on the root DNS servers is growing every day. Perhaps something should be done to clean up these abandoned domains too. However that is beyond the scope of this thread.
> But with that said you make a valid argument and back it up with some cool stats. And I would have to say I am less pissed about the situation.
Thank you. I tried to be logical and engage others in a conversation. I'm glad that Res called me on my numbers the way he did. He was polite and asked for some foundation to my claims. I really do like it when we can have discussions with people laying facts down for both sides and hopefully both sides being somewhat enlightened.
With that said, I dare to ask this question. Understanding what I have put forth, should ORDB have waited longer before switching to the collateral damage mode, or should they have done it sooner?
> See this is the kind of reasoning I can understand. Not the "you're an idiot for not reading about this 2 years ago."
*nod* I could not agree more. I think all of us (at least us humans) try to be professional in our jobs and / or hobbies, but occasionally we all slip a bit. ;)
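The stale-configuration problem discussed above, as an added example that is not part of the original thread: a small Python scanner that lists the active DNSBL lookups in sendmail `.mc` and Postfix `main.cf` text and flags any that still point at a defunct zone. The sample configs and the zones `bl.example.net` and `old.example.invalid` are constructed; only `relays.ordb.org` comes from the thread.

```python
import re

# Zones known to be shut down. Only relays.ordb.org comes from the thread;
# extend this set from your own records.
DEFUNCT_ZONES = {"relays.ordb.org"}

# Constructed sample configs (not taken from any real system).
SENDMAIL_MC = """\
dnl FEATURE(`dnsbl', `old.example.invalid', `Rejected')dnl
FEATURE(`dnsbl', `relays.ordb.org', `"550 Rejected"')dnl
FEATURE(`enhdnsbl', `bl.example.net', `"550 listed"', `t')dnl
"""
POSTFIX_MAIN_CF = """\
# reject_rbl_client relays.ordb.org   (disabled)
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_rbl_client bl.example.net,
    reject_rbl_client RELAYS.ORDB.ORG.
"""

PATTERNS = [
    # sendmail m4: FEATURE(`dnsbl', `zone', ...) and FEATURE(`enhdnsbl', ...)
    re.compile(r"FEATURE\(\s*`(?:enh)?dnsbl'\s*,\s*`([^']+)'"),
    # Postfix: reject_rbl_client zone, reject_rhsbl_client/sender/... zone
    re.compile(r"\breject_(?:rbl_client|rhsbl_\w+)\s+([A-Za-z0-9.-]+)"),
]

def is_comment(line):
    """True for whole-line comments: '#' (Postfix) or a leading m4 'dnl'."""
    s = line.lstrip()
    return s.startswith("#") or s.startswith("dnl")

def find_dnsbl_zones(text):
    """Return [(line_no, zone)] for every active DNSBL lookup in text."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if is_comment(line):
            continue
        for pat in PATTERNS:
            for m in pat.finditer(line):
                # Normalise case and a trailing root dot before comparing.
                hits.append((n, m.group(1).rstrip(".").lower()))
    return hits

def find_defunct(text, defunct=DEFUNCT_ZONES):
    """Return only the lookups that target a zone in the defunct set."""
    return [(n, z) for n, z in find_dnsbl_zones(text) if z in defunct]

if __name__ == "__main__":
    for name, cfg in (("sendmail.mc", SENDMAIL_MC), ("main.cf", POSTFIX_MAIN_CF)):
        for n, zone in find_defunct(cfg):
            print(f"{name}:{n}: still queries defunct DNSBL {zone}")
```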
Grant Taylor wrote:
> The idea of dropping the domain seems a bit problematic to me. To start with, I'm not sure if it is even possible to cancel a domain (with or without requesting a refund).
You can relinquish a domain if you really want. Or you can just park it and point the nameserver information in the WHOIS records at $SOME_BIG_DOMAIN_PARKER.
> So what happens to the poor sap that registers the recycled domain after that time? They will be inundated with the remaining queries.
That is indeed a problem (or maybe an opportunity? :-))
> You can relinquish a domain if you really want. Or you can just park it and point the nameserver information in the WHOIS records at $SOME_BIG_DOMAIN_PARKER.
I wonder if you could use test net IPs for the name servers. I don't think they are routable outside of test environments.
> That is indeed a problem (or maybe an opportunity? :-))