based on the ASNAME, it seems a nice little route-map
/dev/null will be real easy. As long as they keep prefixes
used in this really dumb idea for this idea.
If you have a full table (i.e. no default) just drop inbound routes with an
AS path _30060$
Also ....
<user>@dns0:/var/named/verisignwildcard#host 64.94.110.11
Host 11.110.94.64.in-addr.arpa not found: 3(NXDOMAIN)
Oh dear, I wonder what happened to the reverse ..... looks like that doesn't
resolve any more from here ... so we can still do reverse DNS checks....
> based on the ASNAME, it seems a nice little route-map
> /dev/null will be real easy. As long as they keep prefixes
> used in this really dumb idea for this idea.
If you have a full table (i.e. no default) just drop inbound routes with an
AS path _30060$
Are there any adverse side effects, that anybody can think of?
One is that any mail destined for this host would probably sit in the
queue for the maximum queue lifetime, generally about 4 days, before
bouncing as undeliverable, rather than either being rejected
immediately.
One wonders why they didn't at LEAST set an MX of '.' for the wildcard
record (this is how you're supposed to indicate that a domain does not
receive mail if it has an active A record).
This really is a *horrible* idea, and I hope that many horrible,
painful, and unprintable things happen to those responsible for coming
up with / implementing this idea. At the least, I hope that ICANN stops
this in the very short term.
On the other hand, if your routers have the CPU cycles to spare, an
inbound access-list along the lines of
deny tcp 64.94.110.0 0.0.0.255 eq 80 any
[whatever other stuff you have]
permit ip any any
Will block their return traffic from the website (including the TCP ack)
allowing them to cheerfully syn-flood DDoS themselves if enough people
do this.