[vox-tech] PPoE us just fine

ME vox-tech@lists.lugod.org
Sun, 24 Feb 2002 21:57:52 -0800 (PST)


On Sun, 24 Feb 2002, Ed Glass wrote:
> Wonder why the connection suddenly started to choke on it?!?
> Any gurus out there got an idea?

I am still a newbie, but here is a suggestion:

When an ISP or user sets up a DNS, they may choose to be a complete DNS
source and fully resolve all lookups for anyone in the world. Many DNS are
first set up just like this. However, as time passes, and more people use
the ISP's DNS and the bandwidth utilization is actually impacted with
global DNS lookups for people that are not customers/payers, they start to
re-think the free and giving donation and look to save a little bandwidth.

It often leads to only allowing complete DNS lookup for any arbitrary
domain from IP addresses served by the ISP while allowing complete DNS
lookups for any domains for which the ISP is authoritative, to everyone.

Next, it may move to denying zone transfers except for certain
hosts. (Something I think should be first.)

Next, DNS name caching is set to ignore some hosts who request a
hostname-lookup expiration time less than some arbitrary time (say if a
DNS says a lookup expires after 10 minutes, a busy DNS after making this
lookup could be configured to make all requests for name expiration less
than 1 day, be re-set to 1 day.)

Other things can be done to limit the bandwidth used by a DNS service,
but most are rather excessive in most cases.

A DNS can be configured to do all of the above and yet fully resolve any
domain for which the DNS is itself authoritative. (Say I own aol.com, I
can have my DNS resolve any *.aol.com, and resolve any name from our
consumers' ranges of IP addresses, but not resolve anything else from
anyone else.)

If mother.com decided to start blocking full DNS service to IP addresses
from non-customers (even if they are normally customers, but are using a
different IP from a different ISP) then they may have just decided to cut
it. Perhaps just heavy users, perhaps all users. It is up to them. If DNS
works for some, but not for others, then they may have chosen to just
block a few IP addresses from use (not likely).

Also, it is possible for an ISP to enable DNS port blocking (inbound) for
most of their internal IP addresses, and only allow it to get to their DNS
and force all users to use their DNS which performs the complete lookup and
returns results to their internal users. (Also unlikely and a bit
fascist.)

-ME

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
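
The access policy described in the message above, modelled as an added example (not part of the original post, and not any ISP's actual configuration): authoritative answers for everyone, recursion only for customer addresses, zone transfers only for listed hosts, and a floor on cached TTLs. The networks, zone name, secondary address and function names are constructed placeholders.

```python
import ipaddress

# Constructed sample policy values (assumptions, not taken from the post).
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24")]    # addresses the ISP serves
SECONDARIES = {ipaddress.ip_address("198.51.100.53")}     # hosts allowed zone transfers
AUTH_ZONES = ["isp.example"]                              # zones this server is authoritative for
TTL_FLOOR = 86400                                         # one day, as in the post's illustration


def in_zone(qname, zone):
    """True if qname is the zone apex or a name below it (label-boundary match)."""
    q = qname.lower().rstrip(".")
    return q == zone or q.endswith("." + zone)


def decide(client_ip, qname, qtype="A"):
    """Return 'answer-auth', 'recurse', 'transfer' or 'refuse' for one query."""
    ip = ipaddress.ip_address(client_ip)
    authoritative = any(in_zone(qname, z) for z in AUTH_ZONES)
    if qtype.upper() == "AXFR":
        # Zone transfers: only for our own zones, and only to listed hosts.
        return "transfer" if authoritative and ip in SECONDARIES else "refuse"
    if authoritative:
        # Names we are authoritative for are answered for everyone.
        return "answer-auth"
    if any(ip in net for net in CUSTOMER_NETS):
        # Arbitrary domains are resolved only for customer addresses.
        return "recurse"
    return "refuse"


def cache_ttl(upstream_ttl):
    """Raise short upstream TTLs to the floor before caching the answer."""
    return max(upstream_ttl, TTL_FLOOR)


if __name__ == "__main__":
    # Constructed sample queries: (client address, name, type).
    for q in [("203.0.113.7", "www.isp.example", "A"),
              ("203.0.113.7", "www.other.example", "A"),
              ("192.0.2.10", "www.other.example", "A"),
              ("192.0.2.10", "isp.example", "AXFR"),
              ("198.51.100.53", "isp.example", "AXFR")]:
        print(q, "->", decide(*q))
    print("TTL 600 cached as", cache_ttl(600))
```

A customer who connects from another provider's address falls into the `refuse` branch for outside domains, which is the symptom the message suggests.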