Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones?
Valdis Kl=?utf-8?Q?=c4=93?=tnieks
valdis.kletnieks at vt.edu
Fri Aug 20 20:48:15 UTC 2021
On Fri, 20 Aug 2021 01:32:16 +0700, Pirawat WATANAPONGSE via NANOG said:
> 1. How-to monitor whether some outsiders are putting our IP addresses into
> their A/AAAA records without me knowing about it?
So some bozo sticks an entry in their DNS that says
bozo-entry.example.com A your.ip.address.here
Who cares? What problem does this cause?
You'd never even know it unless somebody/something actually *uses*
the DNS record - which will result in traffic to the address. And at that
point, you usually don't care what DNS entry was used, except for the
case of a webserver serving multiple names and using different TLS
certificates for each name.
> 2. How-to monitor whether some outside websites are just âshellsâ, with
> contents actually being hosted by our servers without me knowing about it?
Again - what actual problem are you trying to solve here? If you're being used
as a cache or backend site and don't know it, you have *bigger* problems.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 494 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210820/def8f21c/attachment.sig>
More information about the NANOG
mailing list