[119962] in North American Network Operators' Group


IP address as a service identifier can be harmful (was

daemon@ATHENA.MIT.EDU (Dave Plonka)
Fri Dec 4 14:57:29 2009

Date: Fri, 04 Dec 2009 13:56:41 -0600
From: Dave Plonka <plonka@doit.wisc.edu>
In-reply-to: <75cb24520912041025o1ef0697ub0995dde3a0146d5@mail.gmail.com>
To: nanog@nanog.org
Reply-To: plonka@cs.wisc.edu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


Hmm, all these resolution services being advertised Internet-wide by
their [temporary?] IP addresses... it is an interesting variation of
we put some work into best practice considerations along these lines
a few years ago:

   Embedding Globally-Routable Internet Addresses Considered Harmful 
   BCP 105, RFC 4085: http://www.rfc-editor.org/rfc/bcp/bcp105.txt

So, a polite reminder: (while I am well aware that a host needs to
identify an initial DNS server by IP address, to bootstrap the process)
there is a documented history of bad things having happened when
publicly-advertised, "popular" Internet services were identified by
unique, globally-routable IP addresses without the use of some other
rendezvous mechanism (DNS, DHCP, etc.).  The addresses, and thus the
prefixes in which they reside, become encumbered by their past uses,
thus diminishing the ability to reuse those address blocks and raising
the unfortunate consideration to legitimately block or hijack those
IP addresses to deal with unexpected traffic load or security issues.

When the address for one's recursive DNS server is, instead, gotten
from a local DHCP server (or by local policy) then there is at least
the possibility, by responsible operators, to limit unwanted traffic
destined for those addresses in [inevitable] future.

Dave

On Fri, Dec 04, 2009 at 10:25:11AM -0800, Christopher Morrow wrote:
> On Fri, Dec 4, 2009 at 5:53 AM, Richard Bennett <richard@bennett.com> wrote:
> 
> >   Google will be all sweetness and light until they've crushed OpenDNS,
> >   and when the competitor's out of the picture, they'll get down to the
> >   monetizing.
> 
> one note: OpenDNS is not the only 'competitor' here.... just one of
> the better obviously known ones.
> 
> ie:
> 4.2.2.2  L(3)
> 198.6.1.1/2/3/4/5/122/142/146/195 ex-UU
> Neustar (can't recall ips, sorry)
> 
> -chris
> 

-- 
plonka@cs.wisc.edu  http://net.doit.wisc.edu/~plonka/  Madison, WI