Re: [GENERAL] On DNS for postgresql.org
On Wed, Sep 06, 2006 at 06:23:06PM -0700, Steve Atkins wrote: > DNS clue might be relevant. We're not, though. Rather I'm saying that > publicly criticizing people who volunteer services to a project, > about things that are not related to the services they're providing > is at best a little impolite. Actually, the real problem (as a couple people pointed out to me privately, for which I am thankful) is that I did it on the wrong list. But for the record: I wasn't trying to be critical; I was trying to solve a problem. If I appeared to be attacking anyone, I do apologise. A -- Andrew Sullivan | [EMAIL PROTECTED] "The year's penultimate month" is not in truth a good way of saying November. --H.W. Fowler ---(end of broadcast)--- TIP 2: Don't 'kill -9' the postmaster
Re: [GENERAL] On DNS for postgresql.org
On Wed, 6 Sep 2006, Joshua D. Drake wrote: If we were playing DNS body part size wars then who has the bigger DNS clue might be relevant. We're not, though. Rather I'm saying that publicly criticizing people who volunteer services to a project, about things that are not related to the services they're providing is at best a little impolite. Well this is fun. I suggest that you review Andrew's comments again. Nothing he said was personal, they were direct criticisms of possible technical administration failures. Agreed ... I know I didn't take his comments personally, and as soon as I read them, I email'd him offlist asking for pointers / elaboration, as it was the first I knew that I might have something 'bad' setup ... Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . [EMAIL PROTECTED] MSN . [EMAIL PROTECTED] Yahoo . yscrappy Skype: hub.orgICQ . 7615664 ---(end of broadcast)--- TIP 4: Have you searched our list archives? http://archives.postgresql.org
Re: [GENERAL] On DNS for postgresql.org
On Thu, 7 Sep 2006, Tim Allen wrote: Andrew was apparently suggesting that the configuration issue he mentioned is not irrelevant, and may be the actual cause of the problems. Since he works for a domain registrar, I'm prepared to assume, at least as a working hypothesis, that he knows what he's talking about. At the least, I suggest it's wise to consider his opinion rather than tell him it's not his business. Agreed, for which I email'd him offlist about the issue ... Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . [EMAIL PROTECTED] MSN . [EMAIL PROTECTED] Yahoo . yscrappy Skype: hub.orgICQ . 7615664 ---(end of broadcast)--- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq
Re: [GENERAL] On DNS for postgresql.org
On Sep 6, 2006, at 6:41 PM, Joshua D. Drake wrote: Irrelevant details of the server configuration that do not directly affect those services aren't really something to gossip about on a public mailing list, though. The two are quite different things. Andrew was apparently suggesting that the configuration issue he mentioned is not irrelevant, and may be the actual cause of the problems. Since he works for a domain registrar, I'm prepared to assume, at least as a working hypothesis, that he knows what he's talking about. At the least, I suggest it's wise to consider his opinion rather than tell him it's not his business. Well, I can vouch for Andrew and his knowledge (not that he needs me to). Enough. I didn't intend to insult anyone in this thread, merely thought that one original comment was a little rude. My apologies to anyone who's upset or been distracted. Lets go back to database-related stuff. Cheers, Steve ---(end of broadcast)--- TIP 5: don't forget to increase your free space map settings
Re: [GENERAL] On DNS for postgresql.org
If we were playing DNS body part size wars then who has the bigger DNS clue might be relevant. We're not, though. Rather I'm saying that publicly criticizing people who volunteer services to a project, about things that are not related to the services they're providing is at best a little impolite. Well this is fun. I suggest that you review Andrew's comments again. Nothing he said was personal, they were direct criticisms of possible technical administration failures. We are not in the business of protecting egos for technical matters here. If Andrew has said something to the effect of, "WTF Marc, do you have a clue about what you are doing?" I would agree with your statement. Andrew did not do any such thing. He merely presented his rather well informed opinion on the matter of DNS and possible issues with the current configuration. Frankly, he is correct, open recursive servers are a bad idea. This isn't 2001, we need to be very careful with our resources. I see nothing wrong with that. Sincerely, Joshua D. Drake Cheers, Steve ---(end of broadcast)--- TIP 4: Have you searched our list archives? http://archives.postgresql.org -- === The PostgreSQL Company: Command Prompt, Inc. === Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240 Providing the most comprehensive PostgreSQL solutions since 1997 http://www.commandprompt.com/ ---(end of broadcast)--- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [GENERAL] On DNS for postgresql.org
* Steve Atkins ([EMAIL PROTECTED]) wrote: > If we were playing DNS body part size wars then who has the bigger > DNS clue might be relevant. We're not, though. Rather I'm saying that > publicly criticizing people who volunteer services to a project, > about things that are not related to the services they're providing > is at best a little impolite. They provide DNS. It's about the DNS service they provide being potentially abusable to DoS and possibly blacklisted (thus causing non-obvious outage to portions of the network). Therefore, it's certainly regarding the services they're providing and how what they're doing could affect usage of that service by the community. Now, we're certainly very grateful for the services provided and for the time spent by the hard working admins to keep everything going. This wasn't an attack on them but rather an attempt to bring to their attention an issue they may not have been aware of and may be quite happy to look into. Unfortunately, your insistance that it's bad to be public about a public service, even after being corrected multiple times, has made it into an attack which you're trying to defend the admins against without any call or request from them for you to. Indeed, they may feel that bringing it up on a community list is the appropriate and encouraged thing to do when it involves the servers or service provided to the community. Thanks, Stephen signature.asc Description: Digital signature
Re: [GENERAL] On DNS for postgresql.org
When you commit to providing services to this community, it is absolutely the business of that community on how the infrastructure is managed. It is the business of the community that the services provided are adequate and stable, certainly. That's become rather obvious recently. Irrelevant details of the server configuration that do not directly affect those services aren't really something to gossip about on a public mailing list, though. I can agree with that. Sincerely, Joshua D. Drake The two are quite different things. The people offering these services have a responsibility to insure that their infrastructure is well managed. If people are not up to that responsibility, there are plenty of providers willing to take it on. Cheers, Steve ---(end of broadcast)--- TIP 5: don't forget to increase your free space map settings -- === The PostgreSQL Company: Command Prompt, Inc. === Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240 Providing the most comprehensive PostgreSQL solutions since 1997 http://www.commandprompt.com/ ---(end of broadcast)--- TIP 6: explain analyze is your friend
Re: [GENERAL] On DNS for postgresql.org
Irrelevant details of the server configuration that do not directly affect those services aren't really something to gossip about on a public mailing list, though. The two are quite different things. Andrew was apparently suggesting that the configuration issue he mentioned is not irrelevant, and may be the actual cause of the problems. Since he works for a domain registrar, I'm prepared to assume, at least as a working hypothesis, that he knows what he's talking about. At the least, I suggest it's wise to consider his opinion rather than tell him it's not his business. Well, I can vouch for Andrew and his knowledge (not that he needs me to). Joshua D. Drake Tim -- === The PostgreSQL Company: Command Prompt, Inc. === Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240 Providing the most comprehensive PostgreSQL solutions since 1997 http://www.commandprompt.com/ ---(end of broadcast)--- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [GENERAL] On DNS for postgresql.org
On Sep 6, 2006, at 5:58 PM, Tim Allen wrote: Steve Atkins wrote: On Sep 6, 2006, at 5:29 PM, Joshua D. Drake wrote: When you commit to providing services to this community, it is absolutely the business of that community on how the infrastructure is managed. It is the business of the community that the services provided are adequate and stable, certainly. That's become rather obvious recently. Irrelevant details of the server configuration that do not directly affect those services aren't really something to gossip about on a public mailing list, though. The two are quite different things. Andrew was apparently suggesting that the configuration issue he mentioned is not irrelevant, and may be the actual cause of the problems. No, he wasn't. He was arguing that having a nameserver that allows resolution to the entire net is a bad thing because it allows abusers to wash DoS attacks through them. That's a perfectly reasonably opinion to have, but one that's very unlikely to be related to recent problems with the domain in question. Since he works for a domain registrar, I'm prepared to assume, at least as a working hypothesis, that he knows what he's talking about. At the least, I suggest it's wise to consider his opinion rather than tell him it's not his business. If we were playing DNS body part size wars then who has the bigger DNS clue might be relevant. We're not, though. Rather I'm saying that publicly criticizing people who volunteer services to a project, about things that are not related to the services they're providing is at best a little impolite. Cheers, Steve ---(end of broadcast)--- TIP 4: Have you searched our list archives? http://archives.postgresql.org
Re: [GENERAL] On DNS for postgresql.org
Steve Atkins wrote: On Sep 6, 2006, at 5:29 PM, Joshua D. Drake wrote: When you commit to providing services to this community, it is absolutely the business of that community on how the infrastructure is managed. It is the business of the community that the services provided are adequate and stable, certainly. That's become rather obvious recently. Irrelevant details of the server configuration that do not directly affect those services aren't really something to gossip about on a public mailing list, though. The two are quite different things. Andrew was apparently suggesting that the configuration issue he mentioned is not irrelevant, and may be the actual cause of the problems. Since he works for a domain registrar, I'm prepared to assume, at least as a working hypothesis, that he knows what he's talking about. At the least, I suggest it's wise to consider his opinion rather than tell him it's not his business. Tim -- --- Tim Allen [EMAIL PROTECTED] Proximity Pty Ltd http://www.proximity.com.au/ ---(end of broadcast)--- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [GENERAL] On DNS for postgresql.org
On Sep 6, 2006, at 5:29 PM, Joshua D. Drake wrote: Also the servers are volunteer provided, so it's not really anyones business other than the server owners. Given that the entire postgresql.org infrastructure just went off the air because of what sure looked to me like an error in administration, I submit that it _is_ others' business how the infrastructure is managed When you commit to providing services to this community, it is absolutely the business of that community on how the infrastructure is managed. It is the business of the community that the services provided are adequate and stable, certainly. That's become rather obvious recently. Irrelevant details of the server configuration that do not directly affect those services aren't really something to gossip about on a public mailing list, though. The two are quite different things. The people offering these services have a responsibility to insure that their infrastructure is well managed. If people are not up to that responsibility, there are plenty of providers willing to take it on. Cheers, Steve ---(end of broadcast)--- TIP 5: don't forget to increase your free space map settings
Re: [GENERAL] On DNS for postgresql.org
Also the servers are volunteer provided, so it's not really anyones business other than the server owners. Given that the entire postgresql.org infrastructure just went off the air because of what sure looked to me like an error in administration, I submit that it _is_ others' business how the infrastructure is managed When you commit to providing services to this community, it is absolutely the business of that community on how the infrastructure is managed. The people offering these services have a responsibility to insure that their infrastructure is well managed. If people are not up to that responsibility, there are plenty of providers willing to take it on. Sincerely, Joshua D. Drake A -- === The PostgreSQL Company: Command Prompt, Inc. === Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240 Providing the most comprehensive PostgreSQL solutions since 1997 http://www.commandprompt.com/ ---(end of broadcast)--- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [GENERAL] On DNS for postgresql.org
[EMAIL PROTECTED] (Steve Atkins) writes: > On Sep 6, 2006, at 9:50 AM, Andrew Sullivan wrote: >> Now that the DNS is back (thanks!), I thought I'd ask why the ra bit >> is set on the responses. Are those servers providing recursion to >> the whole Net? (They seem to be.) If so, that's a Bad Thing. > > There's not anything like universal agreement on whether that's a > bad thing, or not. I'll leave that to others... > Also the servers are volunteer provided, so it's not really anyones > business other than the server owners. If you are fine with people casting arbitrary aspersions against the users of PostgreSQL, then perhaps so. I wouldn't expect any self-respecting project that prides itself on reliability would be willing to live with this, though... -- let name="cbbrowne" and tld="acm.org" in name ^ "@" ^ tld;; http://www3.sympatico.ca/cbbrowne/linuxdistributions.html 'Typos in FINNEGANS WAKE? How could you tell?' -- Kim Stanley Robinson ---(end of broadcast)--- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [GENERAL] On DNS for postgresql.org
On Wed, Sep 06, 2006 at 09:59:29AM -0700, Steve Atkins wrote: > > There's not anything like universal agreement on whether that's > a bad thing, or not. Uh, well, there sure is right now among TLD operators. Wide-open recursion is being used in a denial of service attack that causes orders-of-magnitude amplification traffic against the target servers. In fact, there are some who are blacklisting open recursive servers, and there's an effort afoot to get the news out: http://tools.ietf.org/wg/dnsop/draft-ietf-dnsop-reflectors-are-evil/ (Another draft is expected Real Soon Now, with a less-inflammatory filename.) > Also the servers are volunteer provided, so > it's not really anyones business other than the server owners. Given that the entire postgresql.org infrastructure just went off the air because of what sure looked to me like an error in administration, I submit that it _is_ others' business how the infrastructure is managed A -- Andrew Sullivan | [EMAIL PROTECTED] The plural of anecdote is not data. --Roger Brinner ---(end of broadcast)--- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [GENERAL] On DNS for postgresql.org
Andrew Sullivan wrote: > Hi, > > Now that the DNS is back (thanks!), I thought I'd ask why the ra bit > is set on the responses. Are those servers providing recursion to > the whole Net? (They seem to be.) If so, that's a Bad Thing. > > A > Yes, they do seem to be and yes it probably is a Bad Thing: $ dig @ns3.hub.org www.mysql.com ; <<>> DiG 9.3.1 <<>> @ns3.hub.org www.mysql.com ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58427 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.mysql.com. IN A ;; ANSWER SECTION: www.mysql.com. 3600IN A 213.115.162.29 www.mysql.com. 3600IN A 213.115.162.82 www.mysql.com. 3600IN A 213.136.52.29 www.mysql.com. 3600IN A 213.136.52.82 ;; AUTHORITY SECTION: mysql.com. 3600IN NS dns1.mysql.com. mysql.com. 3600IN NS dns2.mysql.com. mysql.com. 3600IN NS dns3.mysql.com. mysql.com. 3600IN NS dns5.mysql.com. ;; Query time: 409 msec ;; SERVER: 200.46.204.254#53(200.46.204.254) ;; WHEN: Wed Sep 6 10:15:56 2006 ;; MSG SIZE rcvd: 171 ---(end of broadcast)--- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq
Re: [GENERAL] On DNS for postgresql.org
On Sep 6, 2006, at 9:50 AM, Andrew Sullivan wrote: Hi, Now that the DNS is back (thanks!), I thought I'd ask why the ra bit is set on the responses. Are those servers providing recursion to the whole Net? (They seem to be.) If so, that's a Bad Thing. There's not anything like universal agreement on whether that's a bad thing, or not. Also the servers are volunteer provided, so it's not really anyones business other than the server owners. Cheers, Steve ---(end of broadcast)--- TIP 6: explain analyze is your friend
[GENERAL] On DNS for postgresql.org
Hi, Now that the DNS is back (thanks!), I thought I'd ask why the ra bit is set on the responses. Are those servers providing recursion to the whole Net? (They seem to be.) If so, that's a Bad Thing. A -- Andrew Sullivan | [EMAIL PROTECTED] If they don't do anything, we don't need their acronym. --Josh Hamilton, on the US FEMA ---(end of broadcast)--- TIP 6: explain analyze is your friend
