[dns-operations] DNS deluge for x.p.ctrc.cc

Lutz Donnerhacke lutz at iks-jena.de
Wed Mar 1 20:43:02 UTC 2006


* Geo. wrote:
> We can fix spoofing today without breaking anything, there is no valid
> reason to spoof so blocking that capability takes nothing away from the
> internet.

Unfortunately, that's not true. Spoofing is a common and widespread technique
to simulate multihoming without PI space. This is independent of an own AS.

Of course, this is a very broken way to reach "redundancy", but it's damn
common for small and medium companies. Simply take two incredibly cheap
broadband accesses from different providers, a very cheap router (Windows
handles multiple default routes in round robin behavior aka per packet load
balancing) and set up your own DNS on the same box using addresses from both
providers. Now undergo the DNS caching by setting the TTL to some minutes
and change the www.dom.ain A RRs depending on availability of each provider.
For the last step you hire a student to write or download a buggy script.

You might ease this setup by some dyndns4free provider and throw away the
extra cost of static IPs. You are free to add as many cheap providers as you
like.

This setup scales well, is incredibly stable and tunnels any business
product without redundancy in price.

Guess which cheap broadband provider will be kicked off if BCP38 is
introduced.

Please don't forget: IPv6 does not even offer PI-space-like solutions, it
urges the companies to spoof ...
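
Added example, not part of the original message: a small simulation of the setup described above, showing why per-packet round robin over two uplinks loses traffic once each provider applies BCP38 ingress filtering. The prefixes are documentation ranges standing in for the two providers' assignments, all names are hypothetical, and the source-based egress comparison is an assumption added here, not something the post proposes.

```python
import ipaddress
from itertools import cycle

# Constructed setup: documentation prefixes stand in for each provider's
# customer assignment; the names are hypothetical.
UPLINKS = {
    "provider_a": ipaddress.ip_network("192.0.2.0/28"),
    "provider_b": ipaddress.ip_network("198.51.100.0/28"),
}

# Constructed sample: source addresses of eight outbound reply packets,
# four from the address on each provider's range.
PACKETS = ["192.0.2.2"] * 4 + ["198.51.100.2"] * 4


def bcp38_permits(uplink, src):
    """Provider-edge ingress filter: accept only sources this provider assigned."""
    return ipaddress.ip_address(src) in UPLINKS[uplink]


def round_robin(packets):
    """Per-packet load balancing: the uplink is picked without looking at the source."""
    links = cycle(UPLINKS)
    return [(next(links), src) for src in packets]


def source_routed(packets):
    """Egress chosen by source address, shown only for comparison."""
    return [
        (name, src)
        for src in packets
        for name, net in UPLINKS.items()
        if ipaddress.ip_address(src) in net
    ]


def delivered(assignments, filtering=True):
    """Count packets that get past the provider edge."""
    return sum(
        1 for link, src in assignments
        if not filtering or bcp38_permits(link, src)
    )


if __name__ == "__main__":
    rr = round_robin(PACKETS)
    print("round robin, no filtering :", delivered(rr, filtering=False))
    print("round robin, BCP38        :", delivered(rr))
    print("source-based egress, BCP38:", delivered(source_routed(PACKETS)))
```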


