example.com/net/org DNS records

• Previous message (by thread): example.com/net/org DNS records
• Next message (by thread): example.com/net/org DNS records
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 04 Jan 2004 08:36:17 PST, Roger Marquis said:

>  * Why did they assign NSs and a valid IP to these invalid domains?

So they can put up an explanatory website that says "Don't do that,
you idiot".  This is similar to the choice of one of the RFC1918 address
blocks because a major vendor used an adddress in that block as their
"Hey there, I'm an unconfigured system" address.  Sometimes, things
get done out of sheer pragmatism.

>  * Are they breaking the RFC by doing this?

I'd say the problem of 1918 leakage is a bigger concern.  I'm sure
the example.* webserver isn't getting thousands of hits per second
like the root nameservers are seeing from 1918 addresses.

>  * Are they breaking anti-UCE filters by doing this? (yes)

Only in that you can't ban mail from example.com because it doesn't
have a DNS entry.  (a) I don't see enough forged mail from example.com
to worry about it, and (b) I think we all should have learned about trusting
*that* check implicitly after Verisign's stunt.

>  * Are they harvesting URLs and referrers?

Well, the URL would point to them.  What do they get out of that?

The referrer doesn't tell them anything, other than "the referer page had
an example URL that somebody was dumb enough to click on".  Note that
at that point, you really *want* to hand the poor user an explanation rather
than a host-not-found (see the first point).

>  * Will they next advertise routes for RFC 1918 addresses?

If they want to DDoS themselves, sure.

If they did do it and your site noticed, you're obviously one of Randy Bush's
competitors who took his advice.  Google for '+bgp +filter', and get some
heavier-duty aluminum foil next time you're at the supermarket.....

Having said that, I wonder who'd notice if AS701 suddenly announced the 3 1918
blocks.  Like Postel's hijacking of the root, no correctly configured systems
should notice anything happened... :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20040104/48ae9778/attachment.sig>

• Previous message (by thread): example.com/net/org DNS records
• Next message (by thread): example.com/net/org DNS records
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]