Re: OT DNS/routing question

[Bill Hacker <wbh@xxxxxxxxxxxxx>]

Erik P. Skaalerud wrote:

> walt skrev:
>
> > On Sat, 12 Mar 2005, Marcin Jessa wrote:
> >
> >
> > > They just set the A record to 127.0.0.2
> > > What's so weird about it?
> >
> >
> >
> > After seeing Gabriel's reply I emailed the admin at afraid.org and
> > asked him about it.  He answered that he did change the address to
> > prevent further abuse.  I'm learning... :o)
>
> Walt, think about setting a dns host to "127.0.0.1" as the same as 
> nullrouting an ip address. It basically blocks the host/ip from getting 
> reached.
>
> - Erik

Yes - from the point of view of a DNS admin, if they are
acting 'at arm's length' it does so.

Ordinarily - as the box attempting to reach it has nothing
to offer at that (local) IP,  that is a dead-end.

- As can be very handy when one enters in /etc/hosts a list of:

127.0.0.1    {<domain>.<tld>} - of site(s) NOT to be visited.


But this was '127.0.0.2'.  Less likely to conflict with 'stock'
assignments.  Curiously, it is also the 'response code' used
by many RBL operators to indicate an open relay or worse.

On most machines, the effect would be the same. Blackhole.

On *some* unfortunate machines, one might find an
unwanted 'service' actually answering on 127.0.0.2:80
 - but not one that is wanted....

So a little paranoia is not entirely misplaced, especially
if one is running the dominant parasite host as an OS.

Bill Hacker