[96694] in North American Network Operators' Group
Re: Interesting new dns failures
daemon@ATHENA.MIT.EDU (Gadi Evron)
Mon May 21 16:51:40 2007
Date: Mon, 21 May 2007 15:50:42 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
To: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0705211741530.8022@marvin.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu
On Mon, 21 May 2007, Chris L. Morrow wrote:
> ok, so 'today' you can't think of a reason (nor can I really easily) but
> it's not clear that this may remain the case tomorrow. It's possible that
> as a way to 'better loadshare' traffic akamai (just to make an example)
> could start doing this as well.
>
> So, I think that what we (security folks) want is probably not to
> auto-squish domains in the TLD because of NS's moving about at some rate
> other than 'normal' but to be able to ask for a quick takedown of said
> domain, yes? I don't think we'll be able to reduce false positive rates
> low enough to be acceptable with an 'auto-squish' method :(
Auto-squish on a registrar level is actually starting to work, but there
is a long way yet..
As to NS fastflux, I think you are right. But it may also be an issue of
policy. Is there a reason today to allow any domain to change NSs
constantly?
>
> -Chris
>
