HELP: Decommissioning a DNS anti-spam list

Paul Vixie vixie at vix.com
Sat Mar 20 00:18:52 UTC 2004


"Ronald F. Guilmette" <rfg at monkeys.com> writes:

> ...
> So can anybody help me with this?  There has GOT to be some way of de-
> commissioning a zone such that further queries against the zone will
> not be a huge burden on _my_ bandwidth.  I just need somebody to tell
> me what it is.

the best thing would be to delegate these subzones to servers with 
enough bandwidth to hand out NXDOMAIN (rcode 3) in response to every
query.  we (isc) would be willing to act as public nameservers for
empty, static zones to accomplish that end, since it would give us
some data to measure and feed into DNS-OARC (see http://oarc.isc.org/).

you'd still receive queries to get your NS RR's.  we could slave your
main domain (the parent of these troublesome ones) to share that load,
if you're willing to promise that you're done spamming syslog daemons
all over the world and similar controversial behaviour.

> Or is this impossible?  Is the design of the DNS protocol so
> ill-conceived as to make this kind of decommissioning impossible?
> 
> Please help me, and educate me.

it's been many years since maps.vix.com disappeared, but i'm still
getting queries about it.  i think the lesson is that service delivery
over dns which requires that a domain name be hard coded into a
config file (like sendmail.cf) is dangerous and requires great care.
(like for example, not using subdomains of a domain you think might
outlast the service.)
-- 
Paul Vixie
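
Added illustration (not part of the original message, and not ISC or BIND code): what "hand out NXDOMAIN (rcode 3) in response to every query" looks like on the wire for names below the apex of an empty zone. The zone name, SOA fields and TTL values are constructed placeholders; the SOA in the authority section is what lets resolvers cache the negative answer (RFC 2308).

```python
import struct

ZONE = "blocklist.example."       # constructed placeholder for the retired zone
MNAME, RNAME = "ns.example.", "hostmaster.example."   # assumed SOA fields
NEG_TTL = 86400                   # assumed SOA TTL and MINIMUM, in seconds

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_question(msg):
    """Return (lower-cased qname, offset just past the first question)."""
    labels, pos = [], 12
    while msg[pos]:
        n = msg[pos]
        if n > 63:
            raise ValueError("compression pointer or bad label in question")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    return ".".join(labels) + ".", pos + 5    # root byte + QTYPE + QCLASS

def nxdomain_reply(query):
    """Reply for a name below the ZONE apex; None for anything else."""
    try:
        qid, flags, qdcount = struct.unpack("!HHH", query[:6])
        qname, end = read_question(query)
    except (struct.error, IndexError, ValueError):
        return None                           # malformed: drop it
    if flags & 0xF800 or qdcount != 1 or end > len(query):
        return None                           # only plain single-question queries
    if not qname.endswith("." + ZONE):
        return None                           # apex or other zone: not this sketch
    out_flags = 0x8000 | 0x0400 | (flags & 0x0100) | 3   # QR, AA, copy RD, rcode 3
    header = struct.pack("!HHHHHH", qid, out_flags, 1, 0, 1, 0)
    rdata = (encode_name(MNAME) + encode_name(RNAME)
             + struct.pack("!IIIII", 1, 3600, 600, 604800, NEG_TTL))
    soa = (encode_name(ZONE) + struct.pack("!HHIH", 6, 1, NEG_TTL, len(rdata))
           + rdata)                           # authority SOA enables negative caching
    return header + query[12:end] + soa
```

Resolvers cache the negative answer for the smaller of the SOA record's TTL and its MINIMUM field, so those two values bound how soon a well-behaved resolver asks again for the same name.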


More information about the bind-users mailing list