On Fri, 2005-02-18 at 19:22 -0600, Aleksandar Milivojevic wrote: > Quoting Deron Meranda <deron.meranda@xxxxxxxxx> > Date: Fri, 18 Feb 2005 17:45:30 > > > Okay, that is funny. Maybe their domain name is meant to be taken > > literally? > > Who knows, maybe ;-) > > > However the NS records are on sonic.net, which is supposedly their > > hosting ISP. I can't currently find any delegation or other records to > > the > > ipwhois subdomain (even an SOA record); so perhaps they are already > > in the process of fixing it?? > > > > I think maybe they should re-evaluate their ISP? > > Actually, seems that they discontinued their ipwhois database. And instead of > returning NXDOMAIN for queries, they did this stupidity in hope that it will > have effect of people stopping using it. In reality, they are mostly filling > logs of DNS servers administered by people who had nothing to do with original > queries (and will most likely simply ignore those entries in log files since > they have nothing to do with them), and most of automated software that was > using it (such as SpamAssassin) treats SERVFAIL response just the same as > NXDOMAIN response (so end user who installed SpamAssassin or similar software > isn't going to notice it at all). Basically, they did something plain stupid > (even in case they are not violating any RFCs). What would you suggest they did instead of this? There has been a notice posted about the discontinuation of the ipwhois zone right at the top of the rfc-ignorant.org home page for months before the zone was stopped, and it's still there right now. Changing the NS records to point to localhost will not actually break anything but may result in log entries such as those you are seeing, which is people using your nameserver (who presumably you have some influence over) to look up entries in this zone. So is it possible for you to identify who is doing these lookups and point out to them the error of their ways? By way of comparison, consider what the operator of the "monkeys.com" open proxy list did (this was a very popular list btw). After publicly announcing in all well-known anti-spam fora that the service was to be discontinued several months in advance, he was still getting sufficient queries to his DNS server some 6 months later that it was taking up a significant part of his bandwidth (the NXDOMAIN responses were not cached for long so the same IP would be looked up much more frequently that it would have been when it was listed). So, in order to get everyone still trying to use the zone to "notice" that it no longer was working, he set up the zone so that *every* IP address was listed. Suffice it to say that this got the attention of lots of people (but not all of the people still using it, strangely), but those people were less than happy! Paul. -- Paul Howarth <paul@xxxxxxxxxxxx>
