
netsec-sig - Re: [Security-WG] DNS Location record question

Subject: Internet2 Network Security SIG


Re: [Security-WG] DNS Location record question


  • From: Jeff Bartig <>
  • To:
  • Subject: Re: [Security-WG] DNS Location record question
  • Date: Tue, 05 Sep 2017 09:40:36 -0500
  • Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=none action=none header.from=internet2.edu;

On 9/5/17, 9:28 AM, Michael H Lambert wrote:
> On 5 Sep 2017, at 10:19, Matthew J Zekauskas wrote:
>
> > FWIW, I think the accuracy/precision values in the records are all defaults (which would lead me to believe they were not explicitly set). I could be wrong; I just glanced at the RFC <https://tools.ietf.org/html/rfc1876>.
>
> I concur that that's the likeliest possibility. Again, I'll reiterate that I don't think it's worth the effort to change them.

I agree.  I don't see the value of devoting the software development effort to reducing the precision.  As was pointed out, even without the LOC records, it is easy to guess our PoP locations, even with more precision than the LOC coordinates provide.  There are many public sources of PoP locations and fiber paths that could easily be used to locate Internet2's physical infrastructure.

For the particular example that was given, rtsw.newy32aoa.net.internet2.edu, I can even guess the address is 32 Avenue of the Americas by just seeing the A record and knowing a little bit about colo space in New York.  Maybe we should get rid of the A, AAAA, and PTR records too?  (I unfortunately feel the need to point out that was engineering sarcasm, not a security recommendation).

Jeff

--
Jeff Bartig
Interconnection Architect
Internet2  AS11164 / AS11537
+1-608-616-9908
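
The question raised in the thread, whether a LOC record's size and precision fields are just the RFC 1876 defaults, can be checked by decoding the record's RDATA. This is an added example, not part of the original message or any Internet2 tooling; the function names are hypothetical and the sample records use constructed coordinates (40°N, 75°W), not a real PoP.

```python
import struct

# RFC 1876 master-file defaults as RDATA bytes
# (high nibble = base, low nibble = power of ten, value in centimetres)
RFC1876_DEFAULTS = {"size": 0x12, "horiz_pre": 0x16, "vert_pre": 0x13}  # 1 m, 10000 m, 10 m

def _to_metres(byte):
    """Decode one size/precision octet (base * 10^exp cm) to metres."""
    base, exp = byte >> 4, byte & 0x0F
    if base > 9 or exp > 9:
        raise ValueError(f"invalid size/precision octet 0x{byte:02x}")
    return base * 10 ** exp / 100

def parse_loc(rdata):
    """Parse version-0 LOC RDATA and report which fields equal the defaults."""
    if len(rdata) != 16:
        raise ValueError("version 0 LOC RDATA is exactly 16 octets")
    version, size, hp, vp, lat, lon, alt = struct.unpack("!BBBBIII", rdata)
    if version != 0:
        raise ValueError(f"unsupported LOC version {version}")
    raw = {"size": size, "horiz_pre": hp, "vert_pre": vp}
    return {
        "size_m": _to_metres(size),
        "horiz_pre_m": _to_metres(hp),
        "vert_pre_m": _to_metres(vp),
        # Latitude/longitude: thousandths of an arc-second, offset by 2^31
        "lat_deg": (lat - 2**31) / 3_600_000,
        "lon_deg": (lon - 2**31) / 3_600_000,
        # Altitude: centimetres above a base 100,000 m below the WGS 84 spheroid
        "alt_m": (alt - 10_000_000) / 100,
        "default_fields": sorted(k for k, v in raw.items() if v == RFC1876_DEFAULTS[k]),
    }

# Constructed samples: same position, default precision vs. explicit 100 m horizontal precision
_LAT = 2**31 + 40 * 3_600_000
_LON = 2**31 - 75 * 3_600_000
SAMPLE_DEFAULTS = struct.pack("!BBBBIII", 0, 0x12, 0x16, 0x13, _LAT, _LON, 10_000_000)
SAMPLE_EXPLICIT = struct.pack("!BBBBIII", 0, 0x12, 0x14, 0x13, _LAT, _LON, 10_000_000)

if __name__ == "__main__":
    for name, rdata in (("defaults", SAMPLE_DEFAULTS), ("explicit", SAMPLE_EXPLICIT)):
        print(name, parse_loc(rdata))
```

A record whose `default_fields` lists all three names most likely had no precision set by the zone maintainer, so the stated 10 km horizontal precision says nothing about how exact the coordinates themselves are.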


