[dns-operations] Reducing AS112 traffic
Sidney Faber
sfaber at cert.org
Mon Nov 19 13:28:03 UTC 2007
In an effort to bring this thread to a graceful close, I'd like to
summarize:
For an enclave to reduce AS112 traffic, the should:
(1) Create in-addr.arpa zones for private address space as per
mamakos at cert.org
(2) Configure a local [private] AS112 node as discussed
http://www.chagreslabs.net/jmbrown/research/as112/
(3) Block traffic to 192.175.48.0/24, but only do this if you've
already done (1) or (2) and you're sure you won't impact operations.
I know there's nothing new here, and it's exactly what was out there
before I started asking the questions. But I've seen a few additional
recommendations in various places, and I've also tried to anticipate
things sysadmins might think up on their own as possible remedies. Now
I have rebuttals for them.
Thanks for letting me challenge you with some off-the-wall ideas, and
for providing observations both on and off the list.
sid
--
Sid Faber, Member of the Technical Staff
CERT
Software Engineering Institute
Carnegie Mellon University
sfaber at cert.org
More information about the dns-operations
mailing list