[dns-operations] [QUAR] Reducing AS112 traffic

Sidney Faber sfaber at cert.org
Mon Nov 12 17:02:23 UTC 2007


No doubt, making the DNS server authoritative for private zones is the
best, first case, and if everyone did it, there wouldn't be any AS112
traffic.  Unfortunately, not everyone can, so is there some additional
advice we can give them?  What can I tell the multinational corporation
that has a manageable set of network choke points, but very little
control over how protocols are used within individual enclaves?  Or the
super-paranoid  small enterprise that wants multiple layers to make sure
no internal addressing info leaked out at all?

Thanks,
sid





Andrew Sullivan wrote:
> On Mon, Nov 12, 2007 at 10:44:07AM -0500, Sidney Faber wrote:
> 
>> In the mean time, I know some folks would like to block AS112 traffic,
>> and I'd like to give them some advice.  
> 
> I think that advice is what 
> 
>   http://tools.ietf.org/wg/dnsop/draft-ietf-dnsop-default-local-zones/
> 
> is supposed to provide?
> 
> A
> 
> 

-- 
Sid Faber, Member of the Technical Staff
CERT
Software Engineering Institute
Carnegie Mellon University
sfaber at cert.org



More information about the dns-operations mailing list