[dns-operations] Looking for a public blackhole/sinkhole IP address

Florian Lohoff f at zz.de
Wed Nov 26 22:05:31 UTC 2014


On Wed, Nov 26, 2014 at 04:10:07PM -0500, Joe Abley wrote:
> 
> On 26 Nov 2014, at 14:06, Warren Kumari <warren at kumari.net> wrote:
> 
> > What's wrong with 127.0.0.1? It makes it clear what the intent is, and
> > you don't get a much more distributed sinkhole than that...
> 
> I'm always wary of using 127.0.0.1 for anything that doesn't really mean "you
> should talk to yourself". Without a comprehensive knowledge of the impact,
> you don't know what you're blowing up.
> 
> > If there really is a use case, let's try and get a block allocated,
> > and encourage folk to anycast -> null0 for this.
> 
> https://github.com/ableyjoe/draft-jabley-well-known-sinkhole
> 
> Needs text. Not submitted. Co-authors welcome.

Would it make sense to also mention an probably seperate address which should
generate host unreachables? This should most likely be rate limited
and probably tcp only or something.

For certain scenarios a quick "nothing here" could be useful

E.g. sending smtp backscatter to a sink-hole or botnet command
and control server.

Flo
-- 
Florian Lohoff                                                 f at zz.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141126/50acd253/attachment.sig>


More information about the dns-operations mailing list