[dns-operations] Reducing AS112 traffic

Sidney Faber sfaber at cert.org
Mon Nov 19 13:28:03 UTC 2007


In an effort to bring this thread to a graceful close, I'd like to
summarize:

For an enclave to reduce AS112 traffic, the should:
(1)  Create in-addr.arpa zones for private address space as per
mamakos at cert.org
(2)  Configure a local [private] AS112 node as discussed
http://www.chagreslabs.net/jmbrown/research/as112/
(3)  Block traffic to 192.175.48.0/24, but only do this if you've
already done (1) or (2) and you're sure you won't impact operations.

I know there's nothing new here, and it's exactly what was out there
before I started asking the questions.  But I've seen a few additional
recommendations in various places, and I've also tried to anticipate
things sysadmins might think up on their own as possible remedies.  Now
I have rebuttals for them.

Thanks for letting me challenge you with some off-the-wall ideas, and
for providing observations both on and off the list.

sid



-- 
Sid Faber, Member of the Technical Staff
CERT
Software Engineering Institute
Carnegie Mellon University
sfaber at cert.org



More information about the dns-operations mailing list