[dns-operations] [QUAR] Reducing AS112 traffic
Ed.Lewis at neustar.biz
Wed Nov 28 15:45:52 UTC 2007
I don't think you have a technical problem. You have an organization
that is not in control of its assets.
Although there is a draft in the IETF, the problem is that "there is
a draft in the IETF," and not a final, refereed/reviewed document
that can be cited as a reference. Efforts to help this document get
done would be a good step.
Once there is a document of some weight, this can be used to inform
the organization about at least one detail they should undertake to
behave better on the network. This step is usually done via either
evangelizing as an outsider or consulting for the company.
Sounds like this company is in need of an edumackation.
At 6:06 PM -0500 11/12/07, Sidney Faber wrote:
>Yes, there's two very specific cases I have in mind from what I've seen
>within the DITL AS112 pcaps.
>First, there's the large corporate network where HQ has control of the
>routing infrastructure, but not the DNS infrastructure. HQ acts as an
>ISP for its branch offices. They can not configure empty zones to serve
>(the most popular external DNS service is often 184.108.40.206,2). They can
>potentially stand up a site-local AS112 node, but it's not easy. It is
>easy for them to ACL addresses, they do it all the time to protect their
>infrastructure. Is it a legitimate alternative to recommend they ACL
>Second, there's the wandering laptop. Granted, not a big traffic
>generator, perhaps not a big deal, but perhaps something we can deal
>with. The laptop's configured by policy to dynamically register its DNS
>connection to prisoner. Setting aside whether or not this is a concern,
>is it legitimate to recommend that policy on managed networks should
>always have the DHCP server do the registration, and turn registration
>off by default for clients?
>Thanks once again for your feedback, I appreciate the insights and help
>clarifying what I'm trying to say (and whether it's reasonable!)
Edward Lewis +1-571-434-5468
Think glocally. Act confused.
More information about the dns-operations