Kill Verisign Routes :: A Dynamic BGP solution

Stephen J. Wilcox steve at telecomplete.co.uk
Thu Sep 18 22:51:08 UTC 2003


On Thu, 18 Sep 2003, Eric Germann wrote:

> 
> I wanted to discuss the merits of the following:
> 
> I have written a proof of concept solution to nuke a route to sitefinder.
> Code to those who care or to the list if anyone cares.  Perl is your friend
> :)
> 
> Basic concept:  Use Net::BGP to set up a peering session with my route
> server.  Query DNS for *.com and *.net on x interval.  Then take the answers
> (if they are valid A records) and inject them into the route server (which
> in our case is used solely to feed a blackhole network to sink traffic from
> APNIC space, etc).
> 
> If an address no longer appears in the DNS (i.e. the idiots switched hosts),
> withdraw the route.  If they set up multiple hosts, it will catch each one
> of them.  You can set the polling interval as you please.
> 
> Thoughts?

So totallymadeupdomain.com now resolves but is unreachable. That will prevent 
you from bouncing emails to non-existent domains immediately..

Steve




More information about the NANOG mailing list