[62255] in North American Network Operators' Group

Re: Root Server Operators (Re: What *are* they smoking?)

daemon@ATHENA.MIT.EDU (Paul Vixie)
Wed Sep 17 01:17:13 2003

From: Paul Vixie <paul@vix.com>
To: nanog@merit.edu
In-Reply-To: Message from Sean Donelan <sean@donelan.com> 
	of "Wed, 17 Sep 2003 00:48:09 -0400."
	<Pine.GSO.4.44.0309170045280.3279-100000@clifden.donelan.com> 
Date: Wed, 17 Sep 2003 05:13:45 +0000
Errors-To: owner-nanog-outgoing@merit.edu


> So, Verisign just returns a NS pointer to another name server Verisign
> controls which then answers the queries with Verisign's "helpful" web
> site.
> 
> Half-life of the patch: 1 day?

i don't think so.  verisign is on public record as saying that the reason
they implemented the wildcard was to enhance the services offered to the
internet's eyeball population, who has apparently been clamouring for this.

in this story, for example...

http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030916/ap_on_hi_te/internet_typos_4

...it was thus spake:

   VeriSign spokesman Brian O'Shaughnessy said Tuesday that individual
   service providers were free to configure their systems so customers 
   would bypass Site Finder. But he questioned whether releasing a patch
   to do so would violate Internet standards.
   
   Vixie acknowledged that it could -- standards call for operators like
   VeriSign to have complete control over their directories -- but he
   said not releasing a patch would create greater chaos.

therefore i believe that while they may have to change the A RR from time to 
time according to their transit contracts, verisign won't insert an NS RR
into the sitefinder redirection.  if they do, and if bind's user community
still wants to avoid sitefinder, they can declare the second server "bogus",
with no new code changes from isc.  but that all seems terribly unlikely.
