North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: summarising [was: Re: ICANNs role]

  • From: michael.dillon
  • Date: Wed Apr 04 11:57:13 2007

> If you're going to do any vetting, the time to do it is at 
> registration,
> not at crunch time.

The bulk of the discussion over the past few days was directed at the
practice of rapid updates of BRAND NEW DOMAIN NAMES. Clearly this is
entirely separate from the issue of updating information for an
established domain name.

> Designing a system which doesn't allow for some level of 
> anonymity (let's
> say for whistleblower/bloggers) requires some serious debate that goes
> far beyond "what are the security implications."

That is really a separate issue. This discussion is about limiting the
damage caused by domains which do rapid NS switching. If we know which
domains are new, DNS operators could put them on probation and only
allow a minimum TTL of 1 day on those names. The domain owner can still
switch NSes but the queries won't chase him, therefore he will sell less
product and quickly stop doing NS switching. If he's not NS switching
then it is easier to track him down, blackhole him, filter him,
whatever.

--Michael Dillon