North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Alternic takes over Internic traffic
Now that's a strategy I like. Thanks Dorn; that's both elegant and easy to implement, its cheap, and it works. -- -- Karl Denninger ([email protected])| MCSNet - The Finest Internet Connectivity http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | 99 Analog numbers, 77 ISDN, http://www.mcs.net/ Voice: [+1 312 803-MCS1 x219]| NOW Serving 56kbps DIGITAL on our analog lines! Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal On Tue, Jul 15, 1997 at 05:17:58PM -0400, Dorn Hetzel wrote: > > Since we run OSPF internally, we find it easier to do this by > setting up a 2501 (dedicated to the task) with static routes > pointing into a loopback interface which is filtered with an > access list to block all packets. The static routes are > redistributed into OSPF, which caused each static to suck > packets bound from anywhere in our network into the filter, > kill them, and log them. Of course, there is no risk of the > OSPF leaking to the outside world, though it covers our network > nicely, and we get logging of attempted replies to these > sites. Since OSPF is nicely classless, we block anythink from > a /32 up... > > -Dorn Hetzel > Epoch Internet > > On Tue, Jul 15, 1997 at 04:36:58PM +0100, Alex.Bligh wrote: > > [shock - operational ingredient to DNS issue on NANOG] > > > > I feel that a convenient way to filter out crud that polutes > > your DNS (or any other crud for that matter) might be: > > a) Configure a normally non-BGP speaking router in your IGP to > > run BGP under AS (say) 7778. > > b) Static the routes to all alternic's primary name servers to null0: > > (or better to a non-existent IP on an ethernet interface) > > c) redistribute these statics into BGP through a routemap if necessary. > > d) Set up peering with a router running BGP tagging the routes as > > no-export (make sure you don't distribute them to peers or customers). > > > > (credit to Paul Vixie for the "how to blackhole traffic" for spam > > reasons which I've borrowed here - *PAUL DID NOT RECOMMEND DOING THIS > > FOR DNS TRAFFIC - THIS IS ENTIRELY MY IDEA*). > > > > We're just about to do this. I'll tell you how it goes. > > > > Alex Bligh > > Xara Networks > >
|