[ppml] Bogons etc...
michel at arneill-py.sacramento.ca.us
Wed Jan 21 11:49:48 EST 2004
I don't think tossing DNS in the middle of this is a good idea. It's a
layer violation, and it creates a circular reference issue.
From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On Behalf Of Leo
Sent: Wednesday, January 21, 2004 8:30 AM
To: ppml at arin.net
Subject: Re: [ppml] Bogons etc...
In a message written on Wed, Jan 21, 2004 at 11:08:08AM +0000,
Michael.Dillon at radianz.com wrote:
> Does anyone else agree with me that we should be looking for a way
> to incorporate the bogon-related work into ARIN and the other RIRs?
I'd like to see the efforts to get the RIR's involved go in a
different direction. Borrowing from the distributed is good playbook,
having one entity tell me what is bad globally is not a good solution.
Indeed, having anyone tell me what is bad is problematic, because
no one person controls it all.
The RIR's do know what is "good", at least for their part of the
resource space. The problem is that what is good is not published
in readily available scriptable form.
Further, I think the place to do this is with DNS, much like many
of the spam black lists. A top level should be set aside (allocated?)
and delegated as appropriate. For instance, ARIN might be delegated
70.allocated. Further, ARIN may choose to return simply the whole
thing as valid, or to return sub-information, including but not limited
1.70.allocated. TXT "allocated" - This block has been allocated.
70.allocated. TXT "prefixlength 13 22" - Minimum /13, maximum
2.70.allocated. TXT "whois NET-MYISP-CONTACTS"
Allow ISP's to secondary. Convince some router vendors that:
ip prefix-list dns check-allocated check-length
Is a good idea.
This would give us a fully distributed system, based on positive
information. It could be easily scripted, easily added to router code,
and easily integrated with existing anti-spam solutions.
Granted, there are a whole lot more details (what the records can and
can't say, txt vrs ptr with special IP's, etc), and they should be done
in a written standard, across RIR's, but I think the information can
easily fit in DNS, there is precident (anti-spam stuff), it's easy to
use and understand, it's distributed, and it can be easily mirrored
locally by ISP's to take the load off the RIR's.
Leo Bicknell - bicknell at ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
More information about the ARIN-PPML