On Sun, Sep 18, 2016 at 6:03 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
> On 18 Sep 2016, at 14:10, John Levine wrote:
>
>>>> 4.2.4. Name Collision in the DNS ...
>>
>>
>>> This study is from before the new gTLD program.  The assumption in the
> >>> report needs to be tested against what actually happened in the round of
>>> new gTLDs before it can be included as part of the fact basis for this
>>> work.  We also need information on the degree of success that the
>>> various mitigation strategies had in overcoming possible problems to
>>> have a full picture of the problem as it has been shown in practice.
>>
>>
>> At a meeting a couple of weeks ago, I believe that someone said that
>> the junk traffic at the roots for each of .corp, .home and .mail still
>> greatly exceeds all of the traffic for the new gTLDs.  So I think it's
>> safe to say none of the mitigation strategies have worked.
>
>
> There is a difference between "mitigation" and "prevention". Few of us
> thought that publicity about upcoming collisions would have caused more than
> a few folks to fix the problem before it hit them.
>
>> The wildcard 127.0.53.53 and such are clever, but none of the domains
>> that have been delegated had significant collision issues to start
>> with so it's hard to argue they've been effective.
>
>
> It is impossible to measure the effectiveness without knowing how many
> collision queries are just noise (queries that will cause no noticeable
> damage if they started coming back with results). In the case of mitigation
> through wildcard-to-localhost, it is safe to assume that many organizations
> did in fact mitigate; we simply can't tell how many or when.

... and just for the record, much much more could have been determined
(and users better warned / informed) if the address handed out was a
server which displayed an error / links to more information[0], or if
the name-servers serving the wildcard were required to collect and
publish information and statistics. This would have allowed analysis
of the effectiveness of the mitigations, etc.

Yup, I'm beating a dead horse here, but people keep rediscovering the topic.

W
[0]: This could have a webserver which localized the page (based on IP
/ Accept-Language), a mailserver with a useful error, SSH / telnet
banners, etc. I figured out ~20 protocols which allowed some sort of
useful banner return. The logs could have been anonymized, or only
statistics saved...

>
> --Paul Hoffman
>
> (Disclaimer: I'm now on ICANN staff, but well before I was, I wrote "Guide
> to Name Collision Identification and Mitigation for IT Professionals" for
> ICANN.)
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
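The 127.0.53.53 wildcard mentioned above is the one signal an operator can actually check for today. As an added example (not code from this thread, from ICANN or from any of the posters), here is a small offline Python check that classifies resolver answers, flags names whose answers carry the controlled-interruption address, and rolls the results up per TLD, which is the kind of statistic the thread says was never collected. The resolver data, the `.newtld` suffix and the hostnames are constructed for the example; the search-list expansion assumes the simple "no dot, so append each suffix" behaviour and ignores `ndots` tuning.

```python
# Added example: detect ICANN's controlled-interruption address 127.0.53.53 in
# DNS answers and summarise collisions per TLD. Everything below runs offline
# against constructed data; no real resolver is queried.
from collections import Counter, defaultdict
from ipaddress import ip_address

CONTROLLED_INTERRUPTION = ip_address("127.0.53.53")

# Constructed stand-in for a resolver: name -> list of A/AAAA answer strings.
# ".newtld" is a hypothetical newly delegated TLD; the hostnames are made up.
SAMPLE_ANSWERS = {
    "wiki.newtld": ["127.0.53.53"],
    "fileserver.newtld": ["127.0.53.53", "10.1.2.3"],
    "mail.newtld": [],
    "www.example.net": ["192.0.2.10"],
}


def classify(addrs):
    """Return 'collision', 'resolved' or 'nxdomain' for one name's answers."""
    parsed = [ip_address(a) for a in addrs]
    if not parsed:
        return "nxdomain"
    if CONTROLLED_INTERRUPTION in parsed:
        # Even one 127.0.53.53 mixed with real addresses is worth flagging:
        # a client that happens to pick it will connect to its own loopback.
        return "collision"
    return "resolved"


def tld_of(name):
    """Rightmost label of a (possibly absolute) name, lower-cased."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def audit(answers):
    """Per-TLD Counter of classifications, e.g. report['newtld']['collision']."""
    report = defaultdict(Counter)
    for name, addrs in answers.items():
        report[tld_of(name)][classify(addrs)] += 1
    return report


def colliding_names(answers):
    """Sorted list of names whose answers include the interruption address."""
    return sorted(n for n, a in answers.items() if classify(a) == "collision")


def expand_with_search_list(short_name, search_list):
    """FQDNs a bare name is looked up as via the stub resolver's search list.

    Simplified: a name containing a dot is taken as already qualified.
    Unqualified internal names are how collisions usually bite, because the
    search list silently turns 'wiki' into 'wiki.<suffix>'.
    """
    if "." in short_name.rstrip("."):
        return [short_name.rstrip(".")]
    return [f"{short_name}.{sfx.rstrip('.')}" for sfx in search_list]


if __name__ == "__main__":
    for tld, counts in sorted(audit(SAMPLE_ANSWERS).items()):
        print(f"{tld}: {dict(counts)}")
    print("colliding:", colliding_names(SAMPLE_ANSWERS))
    print("bare 'wiki' becomes:", expand_with_search_list("wiki", ["newtld"]))
```

Run it against a dump of your own resolver's answers (or point `classify` at live lookups) and anything reported as `collision` is a name that used to be answered privately and is now hitting a delegated TLD; fix the search list or the hardcoded short name before the wildcard period ends and real answers start coming back.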
