[119962] in North American Network Operators' Group
IP address as a service identifier can be harmful (was
daemon@ATHENA.MIT.EDU (Dave Plonka)
Fri Dec 4 14:57:29 2009
Date: Fri, 04 Dec 2009 13:56:41 -0600
From: Dave Plonka <plonka@doit.wisc.edu>
In-reply-to: <75cb24520912041025o1ef0697ub0995dde3a0146d5@mail.gmail.com>
To: nanog@nanog.org
Reply-To: plonka@cs.wisc.edu
Hmm, all these resolution services being advertised Internet-wide by
their [temporary?] IP addresses... it is an interesting variation of
we put some work into best practice considerations along these lines
a few years ago:

Embedding Globally-Routable Internet Addresses Considered Harmful
BCP 105, RFC 4085: http://www.rfc-editor.org/rfc/bcp/bcp105.txt

So, a polite reminder: (while I am well aware that a host needs to
identify an initial DNS server by IP address, to bootstrap the process)
there is a documented history of bad things having happened when
publicly-advertised, "popular" Internet services were identified by
unique, globally-routable IP addresses without the use of some other
rendezvous mechanism (DNS, DHCP, etc.). The addresses, and thus the
prefixes in which they reside, become encumbered by their past uses,
thus diminishing the ability to reuse those address blocks and raising
the unfortunate consideration to legitimately block or hijack those
IP addresses to deal with unexpected traffic load or security issues.

When the address for one's recursive DNS server is, instead, gotten
from a local DHCP server (or by local policy) then there is at least
the possibility, by responsible operators, to limit unwanted traffic
destined for those addresses in the [inevitable] future.
Dave
On Fri, Dec 04, 2009 at 10:25:11AM -0800, Christopher Morrow wrote:
> On Fri, Dec 4, 2009 at 5:53 AM, Richard Bennett <richard@bennett.com> wrote:
>
> > Google will be all sweetness and light until they've crushed OpenDNS,
> > and when the competitor's out of the picture, they'll get down to the
> > monetizing.
>
> one note: OpenDNS is not the only 'competitor' here.... just one of
> the better obviously known ones.
>
> ie:
> 4.2.2.2 L(3)
> 198.6.1.1/2/3/4/5/122/142/146/195 ex-UU
> Neustar (can't recall ips, sorry)
>
> -chris
>
--
plonka@cs.wisc.edu http://net.doit.wisc.edu/~plonka/ Madison, WI
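The BCP 105 concern above is easiest to act on at build or audit time: scan a configuration or source file for IP literals and flag only the globally-routable ones, since those are the addresses that become "encumbered" once shipped, while private, loopback, link-local and documentation ranges are locally scoped. The script below is an added example, not code from the post, NANOG or RFC 4085; it uses Python's standard ipaddress module and a constructed sample config in which the two flagged addresses (4.2.2.2 and 198.6.1.1) are the ones named in the quoted reply.

```python
import ipaddress
import re

# Split on whitespace and the punctuation that commonly surrounds an
# address literal in config files and source (quotes, brackets, commas, '=').
_TOKEN_SPLIT = re.compile(r"""[\s,;="'()\[\]{}<>]+""")


def _as_address(token):
    """Return an ipaddress object if the token is an IP literal, else None.

    A trailing ':port' on an IPv4 literal (e.g. 4.2.2.2:53) is stripped;
    bracketed IPv6 literals lose their brackets in the tokeniser already.
    """
    if not token:
        return None
    candidate = token
    if token.count(":") == 1 and "." in token:
        candidate = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(candidate)
    except ValueError:
        return None


def classify(addr):
    """Label an address by scope. Only 'GLOBAL' (globally-routable unicast)
    is the kind BCP 105 warns against embedding; the rest are local or
    reserved and can always be re-pointed by the local operator."""
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.is_multicast:
        return "multicast"
    if addr.is_private:          # RFC 1918, ULA, documentation ranges, ...
        return "private/documentation"
    if addr.is_global:
        return "GLOBAL"
    return "reserved"


def find_embedded_global_addresses(text):
    """Scan config/source text and return [(line_number, literal, ip_version)]
    for every globally-routable unicast IP literal found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for token in _TOKEN_SPLIT.split(line):
            addr = _as_address(token)
            if addr is not None and classify(addr) == "GLOBAL":
                findings.append((lineno, str(addr), addr.version))
    return findings


# Constructed sample config (not from any real device or vendor).
SAMPLE_CONFIG = """\
# constructed sample resolver/NTP configuration
nameserver 10.0.0.53
nameserver 4.2.2.2
fallback_resolver = "198.6.1.1:53"
ntp_server = 192.0.2.10
listen 127.0.0.1
ipv6_resolver = [2001:db8::53]
link = fe80::1
resolver_name = dns.example.net
"""

if __name__ == "__main__":
    for lineno, literal, version in find_embedded_global_addresses(SAMPLE_CONFIG):
        print(f"line {lineno}: embedded globally-routable IPv{version} literal {literal}")
```

Only the two public resolver literals are reported; the RFC 1918 resolver, the TEST-NET NTP address, loopback, the 2001:db8 documentation address and the DNS name all pass, which is the distinction the post draws between addresses handed out by DHCP or local policy and addresses baked into what gets shipped.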