Comment by arch-choot

16 hours ago

If i'm not mistaken its because IPs are actually much easier to rotate than domains.

E.g. all the users will remember `example.com` , underlying it doesn't matter what IP it resolves to. If the IP gets "burned" , then the providers can rotate to a new IP (if their provider allows).

Vs. telling your users to use a new domain `example.org` , fake websites etc.

Also sensible ISPs usually don't block IPs since for services behind a CDN it could lead to other websites being blocked, though of course sometimes this is ignored. See also: https://blog.cloudflare.com/consequences-of-ip-blocking/

8 comments

arch-choot

Reply
boondongle  13 hours ago

I wouldn't say you're mistaken, but it's a simplification. In the network world, the capability exists to restrict what BGP advertisements are accepted via RPKI/a peer. Internet providers usually don't because the premium is placed on uptime/connectivity.

If tomorrow, everyone said "we don't want IP's from Frankfurt showing up somewhere in Dubai", you'd have a massive technical problem and rearranging to start with but once that was sorted you could geo-lock. IANA and Network providers simply haven't been doing that.

The reason it doesn't happen is Devs/Stakeholders want uptime from ISPs/Networks and not something they can't abstract. Basically its just a status quo much like the entire internet reverse-proxying through CDNs is a status quo. It wasn't always like that, and it may not always be like that in the future - just depends which way the winds blow over time.

  • sgjohnson  11 hours ago

    > we don't want IP's from Frankfurt showing up somewhere in Dubai

    what do you mean, IPs from Frankfurt?

    IP addresses are just IP addresses, they know no geographical boundaries. In RIR DBs you can geolocate them to wherever you want. Which is the entire reason why Geo IP DBs even exist - they triangulate.

  • icehawk  9 hours ago

    > "we don't want IP's from Frankfurt showing up somewhere in Dubai"

    From a network perspective statements like that make no sense. IP addresses don't have any sort of physicality,

    • pocksuppet  9 hours ago

      They have registration data. Someone could declare they don't want IPs registered to companies from Frankfurt with geofeeds in Frankfurt to be advertised in Dubai.

      3 replies →

ffsm8  15 hours ago

That's why you have a strictly legal domain that enables a convoluted redirect with plausible deniability (not 302)

It'll still eventually stick, but a lot slower