On Sun, 04 Jan 2004 08:36:17 PST, Roger Marquis said:
* Why did they assign NSs and a valid IP to these invalid domains?
So they can put up an explanatory website that says "Don't do that, you idiot". This is similar to the choice of one of the RFC1918 address blocks because a major vendor used an address in that block as their "Hey there, I'm an unconfigured system" address. Sometimes, things get done out of sheer pragmatism.
* Are they breaking the RFC by doing this?
I'd say the problem of 1918 leakage is a bigger concern. I'm sure the example.* webserver isn't getting thousands of hits per second like the root nameservers are seeing from 1918 addresses.
* Are they breaking anti-UCE filters by doing this? (yes)
Only in that you can't ban mail from example.com because it doesn't have a DNS entry. (a) I don't see enough forged mail from example.com to worry about it, and (b) I think we all should have learned about trusting *that* check implicitly after Verisign's stunt.
* Are they harvesting URLs and referrers?
Well, the URL would point to them. What do they get out of that? The referrer doesn't tell them anything, other than "the referrer page had an example URL that somebody was dumb enough to click on". Note that at that point, you really *want* to hand the poor user an explanation rather than a host-not-found (see the first point).
* Will they next advertise routes for RFC 1918 addresses?
If they want to DDoS themselves, sure. If they did do it and your site noticed, you're obviously one of Randy Bush's competitors who took his advice. Google for '+bgp +filter', and get some heavier-duty aluminum foil next time you're at the supermarket..... Having said that, I wonder who'd notice if AS701 suddenly announced the 3 1918 blocks. Like Postel's hijacking of the root, no correctly configured systems should notice anything happened... :)