Skip to Content.
Sympa Menu

netsec-sig - Re: [Security-WG] DNS Location record question

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] DNS Location record question


Chronological Thread 
  • From: James Deaton <>
  • To:
  • Subject: Re: [Security-WG] DNS Location record question
  • Date: Tue, 05 Sep 2017 13:59:08 +0000
  • Ironport-phdr: 9a23:LMbfUxKUOSqNYH6GNdmcpTZWNBhigK39O0sv0rFitYgRI/nxwZ3uMQTl6Ol3ixeRBMOAuqIC07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9ZDeZwZFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QLYpUjqg8qhrUgflhygJNzE78G/ZhM9+gr9Frh29vBFw2ZLYbZuPOfZiYq/Qf9UXTndBUMZLUCxBB5uxYY8VAOoEI+lYtJT2qVUQohSkGQmsA+XvwSJPi3/0w6I1zv8sEQbA3AM+GdIBrmjUoM/zNKgMTeC41a/FxijNYfNR3Dfy8onIchY5rPGNW7JwbdTeyVMpFwzbklWct5bpMC2I2eQQq2SU9PFvWv61h2E7rAF9uCWvxsQqh4LUhYwV0kjJ+Tt4zYopJ9C1TUB7bN2/H5dMsiyXOJd6Tt8+TGxtpCk21r4LtJu+cSQU1pgo3RjSYOGdfYeS+BLsTuORLC94hH17fLK/gA6/8U26xe39Usm4yUtKoTBZntXVuXEByQLf5dKdRvty+Ueh3jmP1wTN5e1ePU80kq/bJ4Ygwr42iJUTrVzOEjH3lUnqjqKbc0sk9+uz5Oj7Z7jrqYOQO5NohQz7Lqsihs+yDOE9PwQQQWSU4/yw1Lj58k34RLVKgOc2kq7csJ3CJ8QUuLO2DhRS0oYl9Rm/CSmp0MgCkXkBMl1FZAqLj5L1NFHWPPD4EfC/jky3kDh12//GI6fhApTRLnnDibvgc7l95lVYyAoy1tBf+4lUBq8bLPLyXE/xqMLXDgU/MwOq3+brFs9x2Z0DVmKSUeelN/bJvFSV/OMzMqyTa6cUvirwMf4o+6SogHMkynEHeqz8/5ISZWvwMvlvP0KfKS7uj9spFmEHuAciCurnlAvRAnZoe3+uUvdktXkAA4W8ANKbSw==

I'd agree with Jason - we've also seen folks fallback to publicly available GeoIP information which can make folks make some bad assumptions. MaxMind fun has been the source of some good news articles in the past couple of years.

Also, great idea *ssw*: Reduce the precision, keep the record.

On Tue, Sep 5, 2017 at 8:50 AM Jason Zurawski <> wrote:
+1

Hiding this info produces no security gain, and only causes annoyances for those trying to eliminate performance issues and/or create innovative things. 

-jason


Steven Wallace wrote:
I use them from time to time (visual traceroute)

I suspect researchers may as well. IMO, the security list is probably not the best place to ask if they’re used.

The LOC below record lists 10,000 meters as its horizontal precision, however the coordinates' precision is about 100 meters.

IMO, leave them, but knock the precision of the lat/long down to .01 rather than .001.

ssw


On Sep 5, 2017, at 9:26 AM, Paul Howell  wrote:

Hi,

Currently Internet2 publishes location information for each router in the respective DNS records.  Here’s an example:

rtsw.newy32aoa.net.internet2.edu. 3600 IN LOC	40 43 12.248 N 74 0 18.716 W 0.00m 1m 10000m 10m

Would anyone that is using these records please message me?    If they are no longer needed, we may remove them.

Regards,
Paul







Archive powered by MHonArc 2.6.19.

Top of Page