[Sanctions-Research] Beacon
John Kristoff
jtk at dataplane.org
Fri Mar 18 19:18:53 PDT 2022
On Sat, 19 Mar 2022 00:58:32 +0100
Bill Woodcock <woody at pch.net> wrote:
> - beacon.sanctions.net, which would resolve to:
The answer to this name may be cached by resolvers or forwarders.
Would it be possible to also provide a zone to be blocked? One that has
a wildcard A RR that can be queried for a one-time unique name.
> Thoughts? What else might we want to set up prior to day one?
What data exactly do you plan to collect at the authoritative DNS
servers and at the addresses? What can be used for research
measurements?
Have you worked out the feed formats and how they will be published?
Will there will be some sort of official history of changes to the
feeds maintained somewhere?
One other potentially useful approach to generating a beacon is to
periodically add or remove a one-time use beacon (e.g. name or address)
over time. This could be especially useful when trying to measure
whether use of the feed is in sync with current published feed data.
I realize this might be harder with IPv4 since I presume you don't have
lots of spare v4 addresses.
John
More information about the Research
mailing list