OT DNS/routing question

Bill Hacker wbh at conducive.org
Sat Mar 12 21:09:40 PST 2005


Erik P. Skaalerud wrote:

walt wrote:

On Sat, 12 Mar 2005, Marcin Jessa wrote:


They just set the A record to 127.0.0.2
What's so weird about it?


After seeing Gabriel's reply I emailed the admin at afraid.org and
asked him about it.  He answered that he did change the address to
prevent further abuse.  I'm learning... :o)

Walt, think about setting a dns host to "127.0.0.1" as the same as 
nullrouting an ip address. It basically blocks the host/ip from getting 
reached.

- Erik

Yes - from the point of view of a DNS admin, if they are
acting 'at arm's length' it does so.
Ordinarily - as the box attempting to reach it has nothing
to offer at that (local) IP,  that is a dead-end.
- As can be very handy when one enters in /etc/hosts a list of:

127.0.0.1    {<domain>.<tld>} - of site(s) NOT to be visited.

But this was '127.0.0.2'.  Less likely to conflict with 'stock'
assignments.  Curiously, it is also the 'response code' used
by many RBL operators to indicate an open relay or worse.
On most machines, the effect would be the same. Blackhole.

On *some* unfortunate machines, one might find an
unwanted 'service' actually answering on 127.0.0.2:80
 - but not one that is wanted....
So a little paranoia is not entirely misplaced, especially
if one is running the dominant parasite host as an OS.

Bill Hacker
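
The check suggested by the last point above, as an added example that is not part of the original post: it lists the names a hosts file pins to 127.0.0.0/8 and reports any where a local TCP listener answers on that address, so the entry is not the dead end it was meant to be. The hosts content is a constructed sample with placeholder names, and the function names are hypothetical.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample in /etc/hosts format; all names are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
127.0.0.1    ads.example.com tracker.example.net   # blocked
127.0.0.2    sink.example.org
192.0.2.10   intranet.example.com
# 127.0.0.1  disabled.example.com
"""

def parse_sinkholed(hosts_text):
    """Return {name: address} for names pinned to a loopback address."""
    sunk = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address field
        if addr.version == 4 and addr in LOOPBACK:
            for name in fields[1:]:
                if name != "localhost":
                    sunk[name.lower()] = str(addr)
    return sunk

def something_answers(addr, port, timeout=0.5):
    """True if a TCP listener on this machine accepts on addr:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((addr, port)) == 0

def audit(hosts_text, ports=(80, 443)):
    """List (name, addr, port) where a sinkholed name is not a dead end."""
    findings = []
    for name, addr in sorted(parse_sinkholed(hosts_text).items()):
        for port in ports:
            if something_answers(addr, port):
                findings.append((name, addr, port))
    return findings

if __name__ == "__main__":
    for name, addr, port in audit(SAMPLE_HOSTS):
        print(f"{name} -> {addr}:{port} is answered by a local service")
```

To audit a real machine, pass the contents of its own hosts file to `audit()` instead of the sample.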








