[Collisions] "controlled interruption" - 127/8 versus RFC1918 space

Gavin Brown gavin.brown at centralnic.com
Thu Jan 9 21:31:13 UTC 2014


Another somewhat out of the box idea: we can send more information by
answering with a CNAME, ie:

Query: blahblah.sometld IN A
Answer: blahblah.sometld IN a-message-to-explain-why-this-is-bad.nic.sometld

Query: a-message-to-explain-why-this-is-bad.nic.sometld IN A
Answer a-message-to-explain-why-this-is-bad.nic.sometld IN A 127.0.0.1

G.

On 09/01/2014 21:20, Joe Abley wrote:
> 
> On 2014-01-09, at 15:25, Chris Cowherd <chris at donuts.co> wrote:
> 
>> I think the benefits of concentrating on a single IP will reap fruit when they go searching the Internet for help. I do see your point on using 10.53.53.53 but consider, there may actually be a machine there (its a stretch but could confuse engineers i.e. Why are you using a printer as an MTA?).
>>
>> To an engineer, 127.0.53.53 is unusual enough to alert them as well as not send them chasing down non-problems.
> 
> A correct host implementation will not send datagrams to the network with a source or destination address within 127/8 [RFC1700] or ::1/128 [RFC 4291].
> 
> However, it's not obvious what implementations do in real life. RFC3330 comments that the IPv4 loopback address is "ordinarily implemented using only 127.0.0.1/32", for example.
> 
> The goal of the work that triggered this thread is to keep traffic triggered by the disappearance of NXDOMAIN responses for QNAMEs subordinate (or identical) to new gTLDs local, ideally on the same host that originated them, to avoid mysterious service failures or information leakage.
> 
> So, the specification suggests that for IPv6 there's only one address to play with, ::1/128.
> 
> The specification suggests that for IPv4 there's a /8 to play with, but at least one RFC concedes that it's possible for packets sent to destinations covered by 127/8 (but not 127.0.0.1) to be sent to the network.
> 
> What studies exist to confirm that (say) 127.0.53.53 won't attract network traffic from a host? What is the expected analogue to 127.0.53.53 for IPv6, and what studies exist for how that traffic might be treated by a variety of hosts?
> 
> Agreed that using RFC1918 addresses as destinations is risk-prone (you'd think they ought to at least not leak from individual ASes, but observation suggests otherwise, hence AS112).
> 
> [I like the out-of-boxness of the thinking that triggered all of this, but I don't see it going anywhere. Quite aside from the legal-economic difficulties in rebuilding the new gTLD aircraft in flight alluded to earlier, I think the ideas here involve unproved assumptions (e.g. wrt 127.0.53.53), are IPv4-centric and are likely to lead to more headaches than they solve.]
> 
> 
> Joe
> 
> 
> 
> _______________________________________________
> Collisions mailing list
> Collisions at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/collisions
> 

-- 
Gavin Brown
Chief Technology Officer
CentralNic Group plc (LSE:CNIC)
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries
https://www.centralnic.com/

CentralNic Group plc is a company registered in England and Wales with
company
number 8576358. Registered Offices: 35-39 Moorgate, London, EC2R 6AR.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: OpenPGP digital signature
URL: <http://lists.dns-oarc.net/pipermail/collisions/attachments/20140109/97c47bfe/attachment-0001.pgp>


More information about the Collisions mailing list