[96651] in North American Network Operators' Group
Re: Interesting new dns failures
daemon@ATHENA.MIT.EDU (Chris L. Morrow)
Mon May 21 01:41:21 2007
Date: Mon, 21 May 2007 05:34:02 +0000 (GMT)
From: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>
In-reply-to: <20070520220840.Y56849@ubfganzr>
To: Roger Marquis <marquis@roble.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Sun, 20 May 2007, Roger Marquis wrote:
> >> All the same, it would seem to be an easy and cheap abuse to address,
> >> at the gtlds. Why are these obvious trojans are being propagated by
> >> the root servers anyhow?
> >
> > the root servers are responsible how exactly for the fast-flux issues?
> > Also, there might be some legitimate business that uses something like
> > the FF techniques... but, uhm... how are the root servers involved again?
>
> Nobody's saying that the root servers are responsible, only that they
but you said it:
"at the gtlds. Why are these obvious trojans are being propagated by
the root servers anyhow?"
> are the point at which these domains would have to be squelched. In
> theory registrars could do this, but some would have a financial
> incentive not to. Also I don't believe registrars can update the roots
> quickly enough to be effective (correct me if I'm wrong).
>
I think you really mean 'TLD' not 'root'... I think, from playing this
game once or twice myself, the flow starts with the registrar to the
registry (in your example estdomains is the registrar and Verisign is the
registry). I think it pretty much stops there. I suppose you COULD get
ICANN to spank someone, but that's going to take a LONG time to
accomplish. (I think at least)
> Given the obvious differences between legitimate fast flux and the
> pattern/domains in question it would seem to be a no-brainer,
> technically at least.
hrm... I don't think it's a technical stumbling block, though trying to
pre-know who's bad and who's not might get you in trouble (say I register
the domain lakjdauejalkasu91er.com and fast-flux it for my own 'good' use,
how's that different from 'uzmores.com' ?).
Anyway... I don't disagree that there ought to be a hammer here and it
ought to be applied. I'm just not sure it's as simple as it appears at
first blush.