Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
Original Message - From: "Owen DeLong" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, September 29, 2003 1:07 PM Subject: Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...) > Think about Micr0$0ft trying to fight off thousands or better millions > of small claims cases all over the country. Even if Micr0$0ft wins every > one, they lose. > > Owen > > FWIW (and IANAL) in Ohio a corporation filing in small claims court requires a lawyer to represent the company. This increases the cost to at least $250 just to get in the door. I would be suprised to get out with under a $1000 in legal fees. Even though we have a Ohio spam law (yeah - I know we are talking about DNS here..) AFAIK no ISP has bothered trying to use it since the cost relative to the potential recovery is out of line. Makes it pretty impractical to use this method for dealing with annoying but economically minor issues. Mark
Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
Micahel, I think class action is a less effective approach here. Micr0$0ft has vast resources ready to take on any large single lawsuit and make it a very expensive and resource intensive process for their opposition. On the other hand, with a low (around $25 last I looked) filing fee and virtually no other real costs involved, and, and expidited calendar (usually around 2-6 months from filing to hearing), the small claims process looks much more attractive as a method for dealing with this. Think about Micr0$0ft trying to fight off thousands or better millions of small claims cases all over the country. Even if Micr0$0ft wins every one, they lose. Owen --On Monday, September 29, 2003 5:48 PM +0100 [EMAIL PROTECTED] wrote: It reminds me of the Netgear and U of Wisconsin time server SNAFU. http://www.cs.wisc.edu/~plonka/netgear-sntp/ The difference is that Netgear admitted responsibility and worked with UW to cope with the issue. Further, Netgear has funded UW in it's cleanup efforts and generally stepped up to the plate. As much as I don't care for Netgear's products, they did show decent corporate responsibility when UW was able to escalate to the appropriate management at Netgear. Sounds like a great example to put before the judge when you sue Microsoft. Can anyone say "class action"? --Michael Dillon
Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
On Mon, 29 Sep 2003 17:48:51 BST, [EMAIL PROTECTED] said: > Sounds like a great example to put > before the judge when you sue Microsoft. > Can anyone say "class action"? Microsoft can fight one class action suit a lot more easily than they can send lawyers to Christiansburg, Virginia on 8 separate occasions (yes, there's at least that many ISPs and providers in Montgomery County) to settle 8 different $400 lawsuits. pgp0.pgp Description: PGP signature
Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
>> It reminds me of the Netgear and U of Wisconsin time server SNAFU. >> http://www.cs.wisc.edu/~plonka/netgear-sntp/ >The difference is that Netgear admitted responsibility and worked with >UW to cope with the issue. Further, Netgear has funded UW in it's >cleanup efforts and generally stepped up to the plate. As much as I don't >care for Netgear's products, they did show decent corporate responsibility >when UW was able to escalate to the appropriate management at Netgear. Sounds like a great example to put before the judge when you sue Microsoft. Can anyone say "class action"? --Michael Dillon
Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
The difference is that Netgear admitted responsibility and worked with UW to cope with the issue. Further, Netgear has funded UW in it's cleanup efforts and generally stepped up to the plate. As much as I don't care for Netgear's products, they did show decent corporate responsibility when UW was able to escalate to the appropriate management at Netgear. Micr0$0ft, on the other hand, has consitently said "You just have to cope with whatever we do to you, and, it's your problem." This is a very different corporate attitude. In my opinion, that attitude deserves to be severely punished. Owen --On Saturday, September 27, 2003 8:03 PM -0400 Jason Lewis <[EMAIL PROTECTED]> wrote: When will entities that implement "solutions" that cause damage on a global scale be held accountable? The Dynamic DNS problem with Windows boxes makes me think someone thought it would be a good idea, but didn't really think it through. The Verisign wildcard decision seems to be along the same lines. I doubt anyone thought there would be a class action lawsuit when the made the change. It reminds me of the Netgear and U of Wisconsin time server SNAFU. http://www.cs.wisc.edu/~plonka/netgear-sntp/ jas On Sat, 27 Sep 2003, Paul Vixie wrote: noc@ and abuse@ are ignoring me as usual, so i'm spamming nanog@ in hopes of locating attbi clue. i need somebody who can educate one of your customers who is dns-updating me. ATT Broadband was sold to Comcast a while ago. There is no more attbi clue. If you find someone, add these to the list of misconfigured Windows users trying to "update" other people's DNS servers. acl "bogon" { // Annoying dynamic DNS updates from this address 68.39.224.6; 68.38.156.178; 68.38.152.156; 68.38.158.209; }; PS. why is this so hard? Are you talking about the kitchen sink protocol called DNS, or trying to contact another ISP, or the sociological difficulties of educating the general public how to configure very complicated "personal" computers and software without making a mistake? Why is dynamic DNS update enabled by default on some operating systems?
Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
I think the solution is for those DNS operators affected who have not signed an EULA for the system that is hammering their DNS to sue Micr0$0ft for the costs incurred in dealing with the issue. Making Micr0$0ft play legal whack-a-mole may be the only strategy with a chance of success here. (I recommend small claims so that worst case, your down side is minimal). Owen --On Saturday, September 27, 2003 6:56 PM -0500 Tim Yocum <[EMAIL PROTECTED]> wrote: In previous mail, Sean Donelan said: Are you talking about the kitchen sink protocol called DNS, or trying to contact another ISP, or the sociological difficulties of educating the general public how to configure very complicated "personal" computers and software without making a mistake? Unfortunately, telling end users to disable a default setting is rather difficult these days. It's too bad that Microsoft hasn't addressed this issue in the past several years that it has been an enabled-by-default option. Why is dynamic DNS update enabled by default on some operating systems? Back in beta days, the official explanation given was that the DNS updating was a "value add" and that it would never be disabled as a default as a courtesy to corporate customers. Furthermore, MSFT folks have repeatedly said that the workaround is to simply configure your nameserver to silently ignore the error logs. Neat policy, eh? I would assume that the dynamic updating feature is something easily toggled via a registry script; larger ISPs ought to include this "fix" as an option with their installation CDs. Alas, we get back to the ongoing debate: adjust user prefs for them, for their own good... or get the vendor to cooperate? - Tim
Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
>Unfortunately, telling end users to disable a default setting is >rather difficult these days. Not if it's done the right way using the right language. For instance... Did you realize that your computer is probably wasting precious bandwidth and slowing down your Internet connection because of the wrong default setting? You can fix this problem and take back control of your connection with this small utility which resets the dynamic DNS settings to stop wasting your bandwidth. Go to http://0xdeadbeef.example.com/noddns.html and start surfing free. And don't forget to tell your friends too! - In other words, Windows users don't typically change settings themselves but they do download small utilities that do nothing other than change one or two registry keys. >Back in beta days, the official explanation given was that the DNS >updating was a "value add" and that it would never be disabled as >a default as a courtesy to corporate customers. Corporate customers are smart enough to tick off a DDNS option during install or to automate the entire install process with a custom install script for their site. But MS is so big that the people making this decision probably had no idea how their product is really used in the real world. > larger ISPs ought >to include this "fix" as an option with their installation CDs. Alas, >we get back to the ongoing debate: adjust user prefs for them, for >their own good... or get the vendor to cooperate? Both. Create and distribute a tool that fixes the problem. Make sure the tool can run windowless as part of an ISP or corporate install script. Then sit back and watch while MS assimilates the functionality of this new tool in a later release. --Michael Dillon
Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
Perhaps (to meld threads...) those DNS queries belong at 64.94.110.11? -- A host is a host from coast to [EMAIL PROTECTED] & no one will talk to a host that's close[v].(301) 56-LINUX Unless the host (that isn't close).pob 1433 is busy, hung or dead20915-1433
RE: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Brian Bruns > Sent: September 28, 2003 6:00 PM > To: [EMAIL PROTECTED]; Paul Vixie > Subject: Re: Annoying dynamic DNS updates (was Re: someone > from attbi please contact me ...) > > How about just configuring your BIND to return errors when > his queries against your server? He has got to be using you > as either a primary or secondary name server. That would No, that's not how it works... (at least, the Win2K/XP-style of this) It works based on the system's hostname. If you set your Windoze hostname to blah.domain.com, then the server in domain.com's SOA is going to get blasted with all those RFC 2136 updates. In your case, I'm guessing your customers had (automatic DNS configuration through DHCP? PPP?) a hostname in your domain, so that's actually why the updates went your way, not because you were their primary/secondary DNS in their DNS config. Vivien -- Vivien M. [EMAIL PROTECTED] Assistant System Administrator Dynamic DNS Network Services http://www.dyndns.org/
Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
Paul, How about just configuring your BIND to return errors when his queries against your server? He has got to be using you as either a primary or secondary name server. That would make everything on that machine suddenly come to a grinding halt as nothing would resolve anymore. I used to do that to customers who didn't turn off dynamic dns updates. It got their attention quick. -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.2mbit.com ICQ: 8077511 - Original Message - From: "Paul Vixie" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 28, 2003 12:09 PM Subject: Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...) > > > Back in beta days, the official explanation given was that the DNS > > updating was a "value add" and that it would never be disabled as > > a default as a courtesy to corporate customers. Furthermore, MSFT > > folks have repeatedly said that the workaround is to simply configure > > your nameserver to silently ignore the error logs. > > Well, I'm not going to disable that logging since it has been useful > in signalling real attacks in the past. But the thing Microsoft needed > to do with this was ensure that whoever is pirating my domain names on > their home PCs get error message popups telling them to go to MSN and > buy a real domain name. That is, they could be making money here rather > than just giving my syslogd a headache. If MSFT would behave more greedily > then their customer PCs would be contacting them rather than me, right? > -- > Paul Vixie >
Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
> Back in beta days, the official explanation given was that the DNS > updating was a "value add" and that it would never be disabled as > a default as a courtesy to corporate customers. Furthermore, MSFT > folks have repeatedly said that the workaround is to simply configure > your nameserver to silently ignore the error logs. Well, I'm not going to disable that logging since it has been useful in signalling real attacks in the past. But the thing Microsoft needed to do with this was ensure that whoever is pirating my domain names on their home PCs get error message popups telling them to go to MSN and buy a real domain name. That is, they could be making money here rather than just giving my syslogd a headache. If MSFT would behave more greedily then their customer PCs would be contacting them rather than me, right? -- Paul Vixie
Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
http://puck.nether.net/netops/nocs.cgi?ispname=Comcast Comcast Business Communications, Inc. comcastbusiness.net 13385 888-205-5000 Op [EMAIL PROTECTED] 24 x 7 --- Alan Spicer ([EMAIL PROTECTED]) Systems and Network Administration, and Telecommunications (954) 977-5245) - Original Message - From: "Sean Donelan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, September 27, 2003 7:30 PM Subject: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...) > > On Sat, 27 Sep 2003, Paul Vixie wrote: > > noc@ and abuse@ are ignoring me as usual, so i'm spamming nanog@ in > > hopes of locating attbi clue. i need somebody who can educate one of > > your customers who is dns-updating me. > > ATT Broadband was sold to Comcast a while ago. There is no more attbi > clue. > > If you find someone, add these to the list of misconfigured Windows > users trying to "update" other people's DNS servers. > > acl "bogon" { > // Annoying dynamic DNS updates from this address > 68.39.224.6; > 68.38.156.178; > 68.38.152.156; > 68.38.158.209; > }; > > > > > PS. why is this so hard? > > > > Are you talking about the kitchen sink protocol called DNS, or trying > to contact another ISP, or the sociological difficulties of educating > the general public how to configure very complicated "personal" computers > and software without making a mistake? > > Why is dynamic DNS update enabled by default on some operating systems? > >
Re: Annoying dynamic DNS updates (was Re: someone from attbi please contact me ...)
When will entities that implement "solutions" that cause damage on a global scale be held accountable? The Dynamic DNS problem with Windows boxes makes me think someone thought it would be a good idea, but didn't really think it through. The Verisign wildcard decision seems to be along the same lines. I doubt anyone thought there would be a class action lawsuit when the made the change. It reminds me of the Netgear and U of Wisconsin time server SNAFU. http://www.cs.wisc.edu/~plonka/netgear-sntp/ jas > > On Sat, 27 Sep 2003, Paul Vixie wrote: >> noc@ and abuse@ are ignoring me as usual, so i'm spamming nanog@ in >> hopes of locating attbi clue. i need somebody who can educate one of >> your customers who is dns-updating me. > > ATT Broadband was sold to Comcast a while ago. There is no more attbi > clue. > > If you find someone, add these to the list of misconfigured Windows > users trying to "update" other people's DNS servers. > > acl "bogon" { > // Annoying dynamic DNS updates from this address > 68.39.224.6; > 68.38.156.178; > 68.38.152.156; > 68.38.158.209; > }; > >> >> PS. why is this so hard? >> > > Are you talking about the kitchen sink protocol called DNS, or trying to > contact another ISP, or the sociological difficulties of educating the > general public how to configure very complicated "personal" computers > and software without making a mistake? > > Why is dynamic DNS update enabled by default on some operating systems?