[Collisions] "controlled interruption" - 127/8 versus RFC1918 space

[Chris Cowherd]

Interesting idea to return both values.  Makes it significantly more
obvious to hopefully prompt a web search to see what's going on.


On Thu, Jan 9, 2014 at 8:22 AM, Rubens Kuhl <rubensk at nic.br> wrote:

>
> Em 09/01/2014, à(s) 14:18:000, Jeff Schmidt <jschmidt at jasadvisors.com>
> escreveu:
>
> Folks:
>
> re: "controlled interruption" (see
> http://domainincite.com/15512-controlled-interruption-as-a-means-to-prevent-name-collisions-guest-post
> )
>
> It has been suggested instead of using 127.0.53.53, use something within
> RFC1918 space (for example, 10.53.53.53).  The thinking being that using
> 1918 space allows someone who wants to monitor which boxes are resolving
> those DNS names (and getting the flag IPs) to do so more easily by
> honeypotting these responses, logging at a firewall, etc.  Such tricks are
> harder in 127/8 space.  Looking for errors generated by the 127/8 addresses
> would involve searching individual application layer logs for connection
> errors to those addresses.
>
> Two phases could be used – a period that returns 127.0.53.53 and a second
> that returns 10.53.53.53.
>
> While I see the value, I'm also a bit leery about injecting unexpected
> responses into 1918 space that could possibly be in use within the
> enterprise.  That may cause unintended consequences itself.
>
> Thoughts?  Value trade between possibly more effective notification vs.
> "protecting the sanctity" of RFC1918 space?
>
>
> Jeff,
>
> We could also return both values either all times or on the second period
> in a round-robin fashion.
>
>
> Rubens
>
>
>
>
> _______________________________________________
> Collisions mailing list
> Collisions at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/collisions
>
>


-- 
Chris Cowherd, CTO Donuts Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/collisions/attachments/20140109/fc8032f2/attachment.htm>