Bogon Filter - Please check for 77/8 78/8 79/8

william(at)elan.net william at elan.net
Wed Dec 13 18:25:57 UTC 2006



On Wed, 13 Dec 2006 Michael.Dillon at btradianz.com wrote:

> It's not just incorrect data. The design of the
> system used by completewhois is flawed at the core.

No more so than other systems that rely on automation
with some human involvement, but see below, as I generally
agree with what you meant.

> They only know that certain address ranges are
> "bogons" at a certain point in time. If their system
> only reported this fact along with the date for
> which it is known to be valid, then they would
> likely win any lawsuits for incorrect data.

Timestamps are included in every generated file. There
is a general timestamp for when the full list was put together
(usually daily, and that's what almost everyone is using),
but there are also different timestamps for each individual
list, which for semi-static lists like IANA allocations,
IANA bogons, IANA special-use blocks are updated only
when the list is manually updated.

> The fact is, that you can only know that an address
> range is a bogon at the point in time which you check
> it and that it WAS a bogon for some past period. For
> most bogons, it is not possible to predict the future
> time period during which it will remain a bogon.

That is why the system rebuilds on a daily basis.

> Any protocol which does not allow the address range
> to be presented along with the LAST TIME IT WAS CHECKED
> is simply not suitable for presenting a bogon list.
> BGP simply is not suitable for this. HTTP/REST, XML-RPC
> or LDAP could be used to make a suitable protocol.

I know you like LDAP a lot, but it's not a protocol that has
found support in the operations community (as opposed to, say,
RSYNC, not mentioned above...). But as I've already thought
about it before, I'll look into making data about each
individual entry available by whois lookups and an extended
text file with comments (# after each entry), with these
comments also seen in TEXT DNS lookups.

> But even better would be to not have any bogons at all.
> If IANA and the RIRs would step up to the plate and
> provide an authoritative data source identifying which
> address ranges have been issued for use on the Internet
> then bogon lists would not be needed at all. And if people
> plug their systems into the RIR data feed, then there would
> be fewer issues when the RIRs start issuing addresses from
> a new block. IANA would be the authoritative source for
> stuff like RFC 1918 address ranges and other non-RIR ranges.

SIDR will provide authoritative signed data, but it may be quite
some time (my guess at least 10 years) before we see the majority
of BGP advertised blocks with signed certificates available
(and as to ALL doing it, I fear to guess...). And I do agree
with you about IANA; not only that, but at the first (?) IETF SIDR
meeting I even mentioned the need for IANA to distribute certificates
for non-allocated and special-use blocks. Others weren't very
optimistic that they'd step up; in fact put it this way -
by the time they may get to it, there may no longer be any
unassigned IPv4 blocks left.

P.S. I'd be curious if there are people who would like to see
a daily "activebogons" list as an email report, including a section
about changes from yesterday to today. I don't want to just
send something like this to some list I've not been invited to
do so, but I can set up a separate list for this on a new mail server.
This would allow others to check on and discuss potentially
wrong entries. If you're interested you should send email to
me privately.

---
William Leibzon
Elan Networks
william at elan.net
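
The point argued in this message, that a bogon entry is only known to be valid as of the time it was last checked, can be enforced by whoever consumes the list. The following is an added example, not part of the original message and not completewhois code: the list layout (a file-level `generated` line and optional per-entry `checked` comments), the sample data and the function names are all assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample list; this layout is an assumption, not a real feed format.
SAMPLE = """\
# generated 2006-12-13T06:00:00Z
0.0.0.0/8      # checked 2006-12-13T06:00:00Z
10.0.0.0/8     # checked 2006-12-13T06:00:00Z
77.0.0.0/8     # checked 2006-06-01T00:00:00Z
192.168.0.0/16
"""

def _ts(s):
    # Parse a UTC timestamp such as 2006-12-13T06:00:00Z.
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def load_bogons(text, now, max_age=timedelta(days=2)):
    """Return (fresh, stale) lists of networks. An entry without its own
    timestamp inherits the file-level one; with neither, it counts as stale."""
    file_ts, fresh, stale = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            parts = line.lstrip("#").split()
            if len(parts) == 2 and parts[0] == "generated":
                file_ts = _ts(parts[1])
            continue
        prefix, _, comment = line.partition("#")
        net = ipaddress.ip_network(prefix.strip())
        words = comment.split()
        ts = _ts(words[1]) if len(words) == 2 and words[0] == "checked" else file_ts
        # Future-dated or too-old entries are not trusted for filtering.
        ok = ts is not None and timedelta(0) <= now - ts <= max_age
        (fresh if ok else stale).append(net)
    return fresh, stale

def is_bogon(addr, fresh):
    # Only entries verified recently are allowed to cause a drop.
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in fresh)
```

When the whole file is older than `max_age`, `fresh` comes back empty and the filter fails open instead of dropping traffic on the strength of outdated data.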


