[dns-operations] Looking for a public blackhole/sinkhole IP address

Robert Edmonds edmonds at mycre.ws
Thu Nov 27 00:12:56 UTC 2014

Warren Kumari wrote:
> This thingie has many aspects that look a bunch like AS112 -- I'm
> wondering if it makes sense to also request an AS number for this.
> It's not strictly needed, but having fewer inconsistent origin routes
> is always nice.
> It also seems that (also like AS112), networks could do this in one of
> (at least) 3 ways:
> 1: They can spin up this route purely within their own network  --
> basically have one or more places where the route points at null0 /
> discard and *not announce it to peers / customers* or
> 2: announce to customers only or
> 3: be good citizens and announce it to everyone.
> 1 and 2 already exist, for RTBH (like you mention in the doc), they
> are just not anycasted. I wonder if we ask the IANA nicely if they'd
> assign 666.666.666.0/24 to.. oh, bugger....
> The more people who do this, the more benefit there is - unfortunately
> this argument often doesn't work on the Internets, but still worth
> trying...

If one is trying to dispose of "250 million DNS requests per second" [0]
or "> 1Mr/s (mega-requests per second)" [1], then you probably *don't*
want the traffic to be routed to whoever happens to have announced it,
or anywhere, really.  That seems to be a much different use case (drop
the traffic as quickly and universally as possible, minimizing
collateral damage) from routing the traffic to something like a
community sinkhole.

[0] http://www.forbes.com/sites/parmyolson/2014/11/20/the-largest-cyber-attack-in-history-has-been-hitting-hong-kong-sites/

[1] https://la51.icann.org/en/schedule/mon-tech/presentation-dafa888-dos-attack-13oct14-en.pdf

Robert Edmonds

More information about the dns-operations mailing list