North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: AW: Odd policy question.

  • From: Christopher L. Morrow
  • Date: Fri Jan 13 22:24:57 2006

On Fri, 13 Jan 2006, Jeffrey I. Schiller wrote:

>
> Let me attempt to bring this back to the policy question.
>
> Does someone have the *right* to put one of your IP addresses as an NS
> record for their domain even if you do not agree?

Probably this is a multifaceted question :( So.. If I understand Drew's
original question he had a customer (valid paying customer) that signed up
for a new domain with $REGISTRAR12 called: "fooble.com". He put in his 2
ip addresses for the 2 servers sitting in Drew's cabinet as NS's (why
wouldn't he they were his to use then since he was paying for the service
there in Drew's world), he purchased the 10yr plan for the domain.

Later his company folded or he moved to another place with another name
effectively abandoning the names in place for some unrelated reason(s).
Drew is now allocating the 2 ips to a new customer who has setup NS's on
the same ips and is now getting 'lame delegation' action from some yokel
that walked away from his domain(s) :(

So, at the time of the domain registration the registerer had authority to
use Drew's ips, now he/she doesn't :( and isn't inn the mood to clean up
the 'mess' :(

>
> Registrar policies imply that this is so, and has been this way for a
> long time.
>
> A number of years ago (like 8-10 or so) I had a student host a domain on
> my campus that I rather they not host. When I requested the registrar
> (or registrar equivalent at the time) to remove the domain, or at least
> the NS record pointing at my IP address, they refused. Their position
> was that if I didn't like the domain, I should block access to the IP
> address. I solved the problem another way...
>

Probably this is a bad solution for Drew, though he MIGHT be able to ID
the zones in question:
1) run a NS for a while, log queries for a while
2) sort/uniq queries, make auth responses for the names
3) 'hijack' the domain and send it off to 'other place' via registrar
updates.

Not always is this feasible :(