[100693] in North American Network Operators' Group


Re: Hey, SiteFinder is back, again...

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Mon Nov 5 11:54:36 2007

Cc: "Patrick W. Gilmore" <patrick@ianai.net>
From: "Patrick W. Gilmore" <patrick@ianai.net>
To: nanog@merit.edu
In-Reply-To: <20071105155404.GA27714@dba3>
Date: Mon, 5 Nov 2007 11:52:02 -0500
Errors-To: owner-nanog@merit.edu


On Nov 5, 2007, at 10:54 AM, Andrew Sullivan wrote:
> On Sun, Nov 04, 2007 at 08:32:25AM -0500, Patrick W. Gilmore wrote:
>>
>> A single provider doing this is not equivalent to the root servers
>> doing it.  You can change providers, you can't change "." in DNS.
>
> This is true, but Verisign wasn't doing it on root servers, IIRC, but
> on the .com and .net TLD servers.  Not that that's any better.

Touché.  Guess I wasn't awake when I wrote that.  But .com/.net is
still bad (as you say).


> The last time I heard a discussion of this topic, though, I heard
> someone make the point that there's a big difference between
> authority servers and recursing resolvers, which is the same sort of
> point as above.  That is, if you do this in the authority servers for
> _any_ domain (., .com, .info, or .my.example.org for that matter),
> it's automatically evil, because of the meaning of "authority".  One
> could argue that it is less evil to do this at recursive servers,
> because people could choose not to use that service by installing
> their own full resolvers or whatever.  I don't know that I accept the
> argument, but let's be clear at least in the difference between doing
> this on authority servers and recursing resolvers.

I would argue against such a blanket statement.  Doing this in an
authority for a TLD is bad, because most people don't have a choice of
TLD.  (Or at least think they don't.)

But if I want to put in a wildcard for *.ianai.net, then there is
nothing evil about that.  In fact, I've been doing so for years (just
'cause I'm lazy), and no one has even noticed.  It is my domain, I
should be allowed to do whatever I want with it as long as I pay my
$10/year and don't use it to abuse someone else.

Hijacking user requests on caching name servers is very, very bad,
because 1) the user probably doesn't know they are being hijacked, and
2) even if the user did, most wouldn't know how to get around it.  So
you're back to the TLD authority problem: there is no choice in the
matter.

-- 
TTFN,
patrick
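
The practical check behind this thread is whether the caching resolver you
are handed (or the authority for a zone) answers for names that should not
exist.  The following is an added example, not code from the thread or from
any of the people quoted in it: it builds a DNS query for a random label under
a domain, parses the wire-format response with the standard library only, and
classifies it as an honest NXDOMAIN (RCODE 3), a rewritten/wildcarded answer
(RCODE 0 with an A record), or inconclusive (for instance a NODATA reply).
The two sample responses at the bottom are constructed inline so the module
runs offline; `example.net`, the resolver argument to `probe()`, the address
192.0.2.1 and all function names are assumptions of the example.

```python
"""Probe for NXDOMAIN rewriting (SiteFinder-style) at a resolver or authority.

Added example, not from the NANOG thread.  Only the standard library is used.
"""
import os
import socket
import struct

NXDOMAIN = 3          # RCODE 3: the name does not exist
PROBE_ID = 0x1234     # fixed query ID for the constructed samples below


def build_query(name, qid=PROBE_ID):
    """Return a wire-format A/IN query for `name` with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def random_probe_name(domain):
    """A label nobody has registered: 48 random bits under `domain`."""
    return os.urandom(6).hex() + "." + domain


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Extract ID, RCODE, answer count and any A-record addresses."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                 # skip question section
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:   # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"id": qid, "rcode": flags & 0x000F, "answers": an, "addrs": addrs}


def classify(resp):
    """Honest resolvers say NXDOMAIN; a rewriter or wildcard hands back an A."""
    if resp["rcode"] == NXDOMAIN:
        return "honest-nxdomain"
    if resp["rcode"] == 0 and resp["addrs"]:
        return "rewritten"
    return "inconclusive"               # e.g. NODATA, SERVFAIL, REFUSED


def probe(resolver_ip, domain, timeout=2.0):
    """Live check against a resolver over UDP/53 (not used by the offline test)."""
    query = build_query(random_probe_name(domain))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
    resp = parse_response(data)
    if resp["id"] != PROBE_ID:          # not a reply to our question
        return "inconclusive"
    return classify(resp)


# --- Constructed sample responses (not real captures) ----------------------
def _response_for(query, rcode, answer_ip=None):
    """Echo the query's ID and question; add one A RR when answer_ip is given."""
    flags = 0x8180 | rcode              # QR, RD, RA set
    an = 1 if answer_ip else 0
    header = query[:2] + struct.pack("!HHHHH", flags, 1, an, 0, 0)
    rr = b""
    if answer_ip:                       # name is a pointer to offset 12
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(answer_ip)
    return header + query[12:] + rr


QUERY = build_query("a1b2c3d4e5f6.example.net")
HONEST = _response_for(QUERY, NXDOMAIN)            # what a clean resolver returns
REWRITTEN = _response_for(QUERY, 0, "192.0.2.1")   # SiteFinder-style answer

if __name__ == "__main__":
    for label, sample in (("honest", HONEST), ("rewritten", REWRITTEN)):
        print(label, classify(parse_response(sample)))
```

Pointing `probe()` at your resolver with a domain whose authority you know
does not wildcard separates the two cases the thread distinguishes: a
"rewritten" verdict from a resolver, with an honest result from the zone's own
authoritative servers, is the caching-server hijack; the same verdict from the
authority itself is a wildcard in the zone.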

