Progress with DNS Quality, Also: Lameness
[For those who were at the last meeting: This is a hopefully more coherent version of what I was trying to say to the lameness panel. Maybe I was too shocked by almost killing two laptoys ...] We have had DNS "protocol police" efforts for much more than 10 years now, yet the proportion of misconfigured DNS servers and zones is rising by all policing standards. Yet the DNS keeps working for the parts that really matter. Yet the clueful people who care configure DNS correctly. Yet the others often do not. Nothing changes really despite a lot of effort put in and a lot of improvement in the (self)policing tools. Also the resources for policing are always lacking. As Ed Lewis has pointed out yet again, it is not about finding the problems but about reaching the people who can fix the problems, educate them and make them care. The amount of those resources is always underestimated by us engineers, even those who have (had to) organise such resources. So here is my proposal: Sell the police reports as a premium service! How about your friendly RIR providing an extra service of checking your reverse DNS tree for a small additional fee that covers the people resources needed to get the reports to you and follow up on them. This would serve several purposes: - It would pay for the extra resources needed. - It would make people care for the information and make it more likely they acted on it; after all they paid for it. - It would clearly establish if people cared enough about their DNS quality to do something about it. Daniel
On torsdag, maj 22, 2003, at 10:02 Europe/Stockholm, Daniel Karrenberg wrote:
Nothing changes really despite a lot of effort put in and a lot of improvement in the (self)policing tools.
To be honest, the result I have shows for .SE: - Overall "errors" is 22.5% - Errors "large" DNS operators have is approximately 1% - "Large" DNS operators are asking me many questions because they think 1% is too bad (they have pushed it down from 1.1% to 0.6% So, my conclusion is that one can not look at the overall average because I don't think that matters so much. Many domains being lame and bad (in the forward zones) might be domain names only "registered" by people wanting the domain name, but they are not "in use". For in-addr.arpa, I don't know if one can draw the same or similar conclusions. It might be more the ISP interest of running in-addr.arpa in the first place which matters. paf
At 10:02 AM +0200 2003/05/22, Daniel Karrenberg wrote:
So here is my proposal:
Sell the police reports as a premium service!
IMO, the problem is that the people who really need the service (those with unreachable servers and unreachable zones) are most likely the people who won't know that the premium service exists, or that they need it. Moreover, even if they know about it, they probably won't pay for it. I would be inclined to turn this around. Make the service an integral part of the array of services that are provided, and put into the contract that if certain circumstances occur, you can be charged extra as a result of your negligence. You could even have the zone taken away from you, if things got really bad. The only people who "pay" are those who are causing problems. The only issue I see here is making this kind of policy change effective retroactively, and getting all the various registrars of ccTLDs (and presumably the registrars of gTLDs) to go along. No one who needs the medicine will want the carrot that will provide it, or will know that they should want it. But they will all want to avoid the stick. At the very least, a more coordinated and public "name and shame" campaign might possibly do some good. -- Brad Knowles, <brad.knowles@skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
At 16:18 +0200 22/5/03, Brad Knowles wrote:
At 10:02 AM +0200 2003/05/22, Daniel Karrenberg wrote:
So here is my proposal:
Sell the police reports as a premium service!
IMO, the problem is that the people who really need the service (those with unreachable servers and unreachable zones) are most likely the people who won't know that the premium service exists, or that they need it. Moreover, even if they know about it, they probably won't pay for it.
I would be inclined to turn this around. Make the service an integral part of the array of services that are provided, and put into the contract that if certain circumstances occur, you can be charged extra as a result of your negligence. You could even have the zone taken away from you, if things got really bad. The only people who "pay" are those who are causing problems.
While this seems a fine idea from a geeky point of view, who exactly is going to give the authority to the RIR to carry out such a task? And how is the RIR going to enforce this sort of "traffic violations"? ...
At the very least, a more coordinated and public "name and shame" campaign might possibly do some good.
Be careful with "name and shame" policies. People might start asking why an organisation they are giving money to (particularly if they have only one choice for that organisation) would go about "naming and shaming" them. Informational statistical reports are one thing. Targetting and enforcement are a very different game, one that most organisations would onyl swallow, and with difficullty, if it is presented as a "click here and you will correct the wrong stuff" type of project, that is: help rather than punish. Joao
At 4:59 PM +0200 2003/05/22, Joao Luis Silva Damas wrote:
At the very least, a more coordinated and public "name and shame" campaign might possibly do some good.
Be careful with "name and shame" policies. People might start asking why an organisation they are giving money to (particularly if they have only one choice for that organisation) would go about "naming and shaming" them.
Sorry, when I said "name and shame", I meant from the perspective of an independent third party. Something along these lines is already done today, but I believe that these efforts could be increased and improved on. -- Brad Knowles, <brad.knowles@skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
participants (4)
-
Brad Knowles -
Daniel Karrenberg -
Joao Luis Silva Damas -
Patrik Fältström