On Mar 5, 2014, at 00:09 , Sanjeev Gupta <sanjeev@dcs1.biz> wrote:


On Wed, Mar 5, 2014 at 5:33 AM, Masato Yamanishi <myamanis@japan-telecom.com> wrote:
Is there anyone who want to continue this proposal?

I read the Transcript, and saw the comment made on the inadvisability of 1.2.3.4/24 being used as a DNS resolver.  I am not sure that this concern is either new enough, or severe enough, to substantially cause the proposal to be dropped.

To quote the Transcript:
Yoshinobu Matsuzaki (IIJ): Let me clarify

            why I oppose to the prop-110, because

            it's creating a new security risk.  Once

            the broadband router is set with default

            setting, that DNS reserve the 1.2.3.4, if

            there's no DNS server maintained by ISP,

            probably it's query to the DNS server in

            the Internet, and sometimes it's

            maintained by good guy, but sometimes it

            could be maintained by bad boy.  Right?



I see two scenarios which might lead to to this objection: (Yamanishi-san, please forward this email to mazz if he is not on this list.  I hope I am not misunderstanding his objections.)
  1. Consumer Router manufacturers might start hardcode-ing 1.2.3.4 as the default DNS resolver, and this may be someone outside the ISP's network.  I appreciate that this may happen, and I have seen similar things happen re: NTP servers.  I do not, however, think this is either going to be likely, or widespread.  At least in S E Asia, I have not seen any Home Routers with even Google's PDNS hardcoded into them.  As such, I do not think D-Link or Linksys (as an example) is likely to ship devices with 1.2.3.4 as the default.  The support costs for D-Link if this does not work would be prohibitive.
  2. Second, the Home Device could be re-sold, with 1.2.3.4 as the DNS setup, and the new owner would be unknowingly be using it.  I consider this extremely unlikely to happen accidentally.  The new owner would (unless he had exactly the same ISP and setup) need to review settings, perhaps a factory default.  And if he had the same ISP and setup as the previous owner, then there would be no additional danger anyway.

As such, I am not saying that a bad network operator could not announce 1.2.3.4, and wait for people to use him.  I am saying that this is not an additional danger, many people already use 8.8.8.8. and 4.4.2.2, for example, or OpenDNS.  

1.2.3.4 is very different from 8.8.8.8 and 4.4.2.2, etc. In the case of the former, random advertisements leaking from whoever are expected and normal. They should be blocked, but the concept of should in the global routing table is an amusing one at best. In the latter case, the routes are expected to come from known origin ASNs and a misalignment would be rapidly and easily detected, especially one for malicious intent or fraudulent purposes.

And any person deciding to announce 1.2.3.0/24 to the open network, would have to face a massive traffic storm anyway.  prop-109 by Geoff Huston mentions the traffic flowing to certain easily-remembered ranges.  Assuming that 1.2.3.0/24 gets even 50Mbps of traffic if I announce it to the Internet, that is till still an expensive pipe, and probably not worth it on the off-chance that a random user will use it and allow "evil me" to redirect him to the particular bank that he is a member of, and which I am forging a website for.

Never underestimate the willingness of a malefactor to subject hosts he controls (but probably doesn't own) or even hosts he doesn't necessarily control to vast quantities of traffic.

To summarize, there is no ADDITIONAL danger, and there are some advantages to this proposal.  I would like work on this proposal to continue, and see if we can address the concerns raised at the APNIC Meeting.

There are no advantages to this proposal and substantial danger, actually. I support dropping it.

Owen