[100687] in North American Network Operators' Group
Re: Hey, SiteFinder is back, again...
daemon@ATHENA.MIT.EDU (Phil Regnauld)
Mon Nov 5 11:08:45 2007
Date: Mon, 5 Nov 2007 17:05:38 +0100
From: Phil Regnauld <regnauld@catpipe.net>
To: Andrew Sullivan <andrew@ca.afilias.info>
Cc: nanog@merit.edu
In-Reply-To: <20071105155404.GA27714@dba3>
Errors-To: owner-nanog@merit.edu
Andrew Sullivan (andrew) writes:
>
> The last time I heard a discussion of this topic, though, I heard
> someone make the point that there's a big difference between
> authority servers and recursing resolvers, which is the same sort of
> point as above. That is, if you do this in the authority servers for
> _any_ domain (., .com, .info, or .my.example.org for that matter),
> it's automatically evil, because of the meaning of "authority". One
> could argue that it is less evil to do this at recursive servers,
> because people could choose not to use that service by installing
> their own full resolvers or whatever. I don't know that I accept the
> argument, but let's be clear at least in the difference between doing
> this on authority servers and recursing resolvers.
Fully agreed. In some ways, if your ISP is stupid enough to want
to do this, and they don't ever want to return NXDOMAIN to their
customer's resolvers, and their ToS specify that they do it, well,
they're welcome.
But the moment you start to mess around with the authority that is
being delegated to you, then it's Evil.
I think ICANN should probably come out and specify that doing
wildcard matchin on TLD delegations is Not A Good thing.
Phil