[RFCI-Discuss] "rfc-ignorant.(com,net)" lookups

Derek J. Balling dredd at megacity.org
Tue Feb 26 19:50:26 EST 2008 

I'm looking for some guidance. I've noticed over time that the  
quantity of misconfigured lookups for "$REV_IP.$ZONE.rfc-ignorant.com"  
has been steadily increasing over time.

I wish, wish, wish, that I'd always set those zones up, "8:00 Day  
One", with wildcard lookups so that they would "fail immediately" in  
testing and that would hopefully prevent people (or at least  
discourage them) from using them in their mail servers.  It's  
important to note that any use of those domains is a complete  
misconfiguration on their part, as we've never advertised them as  
usable.

I'm torn between a couple options:

	1.) Try to throw up the red flag

	In this option, I would start returning "127.0.0.254" for any lookups  
within the (com,net) domains.  Some would notice, some won't. It would  
probably catch and stop SOME of the traffic

	2.) Try to shift the traffic elsewhere

	In this option, I would attempt to convince the myriad folks who  
slave and serve up the .org domain to also serve up the .com and .net  
domains, and point the NS records at those hosts, like I do now  
with .org. The traffic continues but it isn't swarming over my measly  
little personal server.
	
	3.) Leave flames burning bright behind me
	
	I don't *need* com and net... I could always just abandon them in  
place, or point their DNS into space somewhere unused and call it a  
day on that front. But abandoning the domain seems like a great way  
for someone less "reputable" to claim them and use them for  
potentially nefarious purposes, and pointing the DNS anywhere other  
than RFC1918 space seems evil (and -- I think -- the registrars catch  
that when you try to use 1918 space there, I should try that....)


Anyone have any thoughts?

Cheers,
D

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2478 bytes
Desc: not available
Url : http://lists.megacity.org/pipermail/rfci-discuss/attachments/20080226/1108a870/attachment.bin

More information about the RFCI-Discuss mailing list