Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones?

Valdis Klētnieks valdis.kletnieks at vt.edu
Fri Aug 20 20:48:15 UTC 2021


On Fri, 20 Aug 2021 01:32:16 +0700, Pirawat WATANAPONGSE via NANOG said:

> 1. How-to monitor whether some outsiders are putting our IP addresses into
> their A/AAAA records without me knowing about it?

So some bozo sticks an entry in their DNS that says

bozo-entry.example.com   A  your.ip.address.here

Who cares? What problem does this cause?

You'd never even know it unless somebody/something actually *uses*
the DNS record - which will result in traffic to the address.  And at that
point, you usually don't care what DNS entry was used, except for the
case of a webserver serving multiple names and using different TLS
certificates for each name.

> 2. How-to monitor whether some outside websites are just ‘shells’, with
> contents actually being hosted by our servers without me knowing about it?

Again - what actual problem are you trying to solve here?  If you're being used
as a cache or backend site and don't know it, you have *bigger* problems.
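
Added example, not part of the original message: the reply notes that a foreign DNS name pointing at your address only shows up once it is used, and that the name is visible mainly on a web server handling multiple names. The sketch below counts requests whose Host header is not one of your own names; the log format, the served names, the server IP and the sample lines are all assumptions constructed for illustration.

```python
from collections import Counter

# Names this server is meant to answer for (assumed for the example).
SERVED_NAMES = {"www.example.org", "example.org"}
# The server's own address; requests made by bare IP are not reported.
SERVER_IPS = {"192.0.2.10"}

# Constructed sample lines in an assumed format: client_ip host "request" status
SAMPLE_LOG = """\
198.51.100.7 www.example.org "GET / HTTP/1.1" 200
198.51.100.8 bozo-entry.example.com "GET / HTTP/1.1" 200
198.51.100.9 BOZO-ENTRY.example.com:80 "GET /img/logo.png HTTP/1.1" 200
203.0.113.5 192.0.2.10 "GET / HTTP/1.1" 404
203.0.113.6 example.org. "GET /about HTTP/1.1" 200
malformed line
"""

def normalize_host(raw):
    """Lower-case a Host header value and drop any port and trailing dot."""
    host = raw.strip().lower()
    if host.startswith("["):            # bracketed IPv6 literal, e.g. [2001:db8::1]:443
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # name:port or ipv4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def foreign_hosts(log_text, served=SERVED_NAMES, server_ips=SERVER_IPS):
    """Count requests whose Host is neither a served name nor the server's IP."""
    seen = Counter()
    for line in log_text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 3 or not parts[2].startswith('"'):
            continue                    # skip lines that do not match the assumed format
        host = normalize_host(parts[1])
        if host and host not in served and host not in server_ips:
            seen[host] += 1
    return seen

if __name__ == "__main__":
    for name, hits in foreign_hosts(SAMPLE_LOG).most_common():
        print(f"{hits:5d}  {name}")
```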