[dns-operations] Looking for a public blackhole/sinkhole IP address

Warren Kumari warren at kumari.net
Wed Nov 26 23:22:00 UTC 2014


On Wed, Nov 26, 2014 at 4:10 PM, Joe Abley <jabley at hopcount.ca> wrote:
>
> On 26 Nov 2014, at 14:06, Warren Kumari <warren at kumari.net> wrote:
>
>> What's wrong with 127.0.0.1? It makes it clear what the intent is, and
>> you don't get a much more distributed sinkhole than that...
>
> I'm always wary of using 127.0.0.1 for anything that doesn't really mean "you should talk to yourself". Without a comprehensive knowledge of the impact, you don't know what you're blowing up.
>
>> If there really is a use case, let's try and get a block allocated,
>> and encourage folk to anycast -> null0 for this.
>
> https://github.com/ableyjoe/draft-jabley-well-known-sinkhole


This thingie has many aspects that look a bunch like AS112 -- I'm
wondering if it makes sense to also request an AS number for this.
It's not strictly needed, but having fewer inconsistent origin routes
is always nice.

It also seems that (also like AS112), networks could do this in one of
(at least) 3 ways:
1: They can spin up this route purely within their own network  --
basically have one or more places where the route points at null0 /
discard and *not announce it to peers / customers* or
2: announce to customers only or
3: be good citizens and announce it to everyone.

1 and 2 already exist, for RTBH (like you mention in the doc), they
are just not anycasted. I wonder if we ask the IANA nicely if they'd
assign 666.666.666.0/24 to.. oh, bugger....

The more people who do this, the more benefit there is - unfortunately
this argument often doesn't work on the Internets, but still worth
trying...

>
> Needs text. Not submitted. Co-authors welcome.

I'm making some edits, will send a pull request in a bit.
Specifically the guidance to network operators section, and I'll take
an initial stab at a privacy considerations bit. I'm guessing that we
are going to have somewhat of a fun time with the privacy / security
implications bits. It won't be long till someone hits upon the idea of
standing up a listener / server on one of these addresses. One would
hope that the traffic that would arrive at a global sinkhole would be
"safe", but seeing as some of the uses for this would be to sink bad
stuff, someone will want to measure how much "bad stuff" domain or
malware XXX is generating - this will require looking at the bad stuff
to disambiguate "this" bad stuff from "that" bad stuff, and now you
have a bit of a mess... Perhaps this actually turns out to be a
dangerous idea.....

W

>
>
> Joe



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf



More information about the dns-operations mailing list