[Collisions] "controlled interruption" - 127/8 versus RFC1918 space

Rubens Kuhl rubensk at nic.br
Thu Jan 9 16:22:56 UTC 2014

On 09/01/2014, at 14:18:000, Jeff Schmidt <jschmidt at jasadvisors.com> wrote:

> Folks:
> re: "controlled interruption" (see http://domainincite.com/15512-controlled-interruption-as-a-means-to-prevent-name-collisions-guest-post)
> It has been suggested instead of using, use something within RFC1918 space (for example,  The thinking being that using 1918 space allows someone who wants to monitor which boxes are resolving those DNS names (and getting the flag IPs) to do so more easily by honeypotting these responses, logging at a firewall, etc.  Such tricks are harder in 127/8 space.  Looking for errors generated by the 127/8 addresses would involve searching individual application layer logs for connection errors to those addresses.
> Two phases could be used – a period that returns and a second that returns
> While I see the value, I'm also a bit leery about injecting unexpected responses into 1918 space that could possibly be in use within the enterprise.  That may cause unintended consequences itself.
> Thoughts?  Value trade between possibly more effective notification vs. "protecting the sanctity" of RFC1918 space?


We could also return both values either at all times or in the second period in a round-robin fashion.
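
The trade-off discussed in this thread, as an added example that is not part of the original messages: a flag address in RFC1918 space can be counted per source host from firewall logs, a 127/8 address cannot, and an RFC1918 flag address should first be checked against prefixes already in use. The flag address, log format, and internal prefixes are constructed placeholders, not values from the thread.

```python
import ipaddress
import re
from collections import Counter

# Assumption: placeholder flag address inside RFC1918 space, constructed for
# this example; it is not the address proposed in the thread.
FLAG_IP = ipaddress.ip_address("10.53.53.53")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed firewall log lines (iptables-like key=value format).
SAMPLE_LOG = """\
Jan  9 16:01:02 fw kernel: DROP SRC=192.168.10.21 DST=10.53.53.53 PROTO=TCP DPT=443
Jan  9 16:01:05 fw kernel: ACCEPT SRC=192.168.10.22 DST=192.168.20.5 PROTO=TCP DPT=22
Jan  9 16:02:11 fw kernel: DROP SRC=192.168.10.21 DST=10.53.53.53 PROTO=TCP DPT=80
Jan  9 16:03:40 fw kernel: DROP SRC=192.168.30.7 DST=10.53.53.53 PROTO=UDP DPT=389
malformed line without addresses
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+)")


def visible_at_firewall(flag):
    """A loopback destination never leaves the host, so no firewall sees it."""
    return flag not in LOOPBACK


def in_use_conflicts(flag, internal_nets):
    """Return the internal prefixes that already contain the flag address."""
    return [n for n in internal_nets if flag in ipaddress.ip_network(n)]


def hosts_hitting_flag(log_text, flag):
    """Count connection attempts to the flag address per source host."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # line carries no SRC/DST pair
        try:
            src, dst = map(ipaddress.ip_address, m.groups())
        except ValueError:
            continue  # address field is not a valid IP
        if dst == flag:
            hits[str(src)] += 1
    return dict(hits)


if __name__ == "__main__":
    print(visible_at_firewall(FLAG_IP), hosts_hitting_flag(SAMPLE_LOG, FLAG_IP))
    print(in_use_conflicts(FLAG_IP, ["10.53.0.0/16", "192.168.0.0/16"]))
```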

