On Tue, Jul 12, 2011 at 4:43 PM, Henrique de Moraes Holschuh <h...@debian.org> wrote:
> On Tue, 12 Jul 2011, Tom H wrote:
>> IANA also maintains some server(s) for RFC1918 leaks. More or less ten
>> years ago, I was at a company where, one day, none of the Mac boxes
>> could telnet to or mount AFP shares on the Solaris boxes because that
>> IANA service was down and it was providing reverse DNS for RFC1918
>> addresses...
>
> That would be AS112. The AS112 project provides an anycast cloud for the
> three authoritative DNSes that take care of the IPv4 private, documentation
> and link-local addresses. They'll soon handle some of the IPv6 reverse
> address space as well.
>
> Note that AS112 clouds only route the IPv4 prefix 192.175.48.0/24, where the
> BLACKHOLE-1.IANA.ORG, BLACKHOLE-2.IANA.ORG and PRISONER.IANA.ORG DNS servers
> can be found, i.e. they do NOT provide a sinkhole for the IPv4 private
> address space, just reverse DNS service.

That was the problem. That company didn't have a reverse DNS zone.

> http://public.as112.net/
>
> http://tools.ietf.org/rfcmarkup?rfc-repository=http://www.rfc-editor.org/authors&doc=rfc6304&topmenu=true&document=draft-ietf-dnsop-as112-ops-09&docreplaces=draft-ietf-dnsop-as112-ops-09&title=RFC-EDITOR+AUTH48+REVIEW+COPY&extrastyle=body+{background-color:%23fee%3b}
>
> And there is the "AS112 operator's relief" RFC:
> http://tools.ietf.org/rfcmarkup?rfc-repository=http://www.rfc-editor.org/authors&doc=rfc6305&topmenu=true&document=draft-ietf-dnsop-as112-under-attack-help-help-06&docreplaces=draft-ietf-dnsop-as112-under-attack-help-help-06&title=RFC-EDITOR+AUTH48+REVIEW+COPY&extrastyle=body+{background-color:%23fee%3b}
>
> Sorry about the long URLs, RFCs-to-be don't have nice short URLs (or I don't
> know them).

Your links didn't work for me but Google yielded (from them):

http://tools.ietf.org/html/draft-ietf-dnsop-as112-ops-09
http://tools.ietf.org/html/draft-ietf-dnsop-as112-under-attack-help-help-06

which I think are the same (I think!). Thanks.

> PS: that does mean the company where you worked at had incompetent DNS
> administrators (if they had any at all).

If incompetent is equivalent to the Windows DNS admins saying "this is
a Unix problem", then yes...
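
Added example, not part of the original thread: a check a DNS administrator could run over resolver query logs to spot the situation described above, where PTR lookups for private or link-local addresses leave the site instead of being answered by a local reverse zone. The log format, the sample lines and the function names are constructed for illustration; the list of address ranges is an assumption based on RFC 6304, and the 192.175.48.0/24 prefix is the one given in the thread.

```python
import ipaddress

# Address space whose reverse zones AS112 serves (assumption, per RFC 6304).
AS112_SPACE = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
# Prefix routed by AS112 nodes, as given in the thread.
AS112_PREFIX = ipaddress.ip_network("192.175.48.0/24")

def reverse_name_to_network(qname):
    """Map an in-addr.arpa name (full or partial) to the IPv4 network it covers."""
    name = qname.rstrip(".").lower()
    if not name.endswith(".in-addr.arpa"):
        return None
    labels = name[:-len(".in-addr.arpa")].split(".")
    ok = all(l.isascii() and l.isdigit() and int(l) <= 255 for l in labels)
    if not 1 <= len(labels) <= 4 or not ok:
        return None
    octets = labels[::-1] + ["0"] * (4 - len(labels))
    return ipaddress.ip_network("%s/%d" % (".".join(octets), 8 * len(labels)))

def is_private_reverse(qname):
    """True if the name lies inside a reverse zone for AS112_SPACE."""
    net = reverse_name_to_network(qname)
    return net is not None and any(net.subnet_of(s) for s in AS112_SPACE)

def find_leaks(log_lines):
    """Return (client, qname, server, went_to_as112) for private PTR queries
    that were answered by a server outside the private ranges."""
    leaks = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        client, qtype, qname, server = fields
        if qtype != "PTR" or not is_private_reverse(qname):
            continue
        server_ip = ipaddress.ip_address(server)
        if not any(server_ip in s for s in AS112_SPACE):
            leaks.append((client, qname, server, server_ip in AS112_PREFIX))
    return leaks

# Constructed sample log: "<client> <qtype> <qname> <server that answered>"
SAMPLE_LOG = [
    "10.1.2.3 PTR 5.0.168.192.in-addr.arpa. 192.175.48.6",   # leaked to AS112
    "10.1.2.4 PTR 7.1.20.172.in-addr.arpa. 10.0.0.53",       # answered locally
    "10.1.2.5 PTR 8.8.8.8.in-addr.arpa. 8.8.8.8",            # public address
    "10.1.2.6 A www.example.org. 8.8.8.8",                   # not a PTR query
    "10.1.2.7 PTR 9.9.32.172.in-addr.arpa. 192.175.48.42",   # 172.32/16 is public
    "10.1.2.8 PTR 1.0.0.10.in-addr.arpa. 8.8.8.8",           # leaked elsewhere
]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_LOG):
        print(leak)
```

Any line this reports means a client depends on an outside server for private reverse DNS; a local reverse zone for the ranges in use removes that dependency.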