|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Interesting new dns failures
On Sun, 20 May 2007, Roger Marquis wrote: > >> All the same, it would seem to be an easy and cheap abuse to address, > >> at the gtlds. Why are these obvious trojans are being propagated by > >> the root servers anyhow? > > > > the root servers are responsible how exactly for the fast-flux issues? > > Also, there might be some legittimate business that uses something like > > the FF techniques... but, uhm... how are the root servers involved again? > > Nobody's saying that the root servers are responsible, only that they but you said it: "at the gtlds. Why are these obvious trojans are being propagated by the root servers anyhow?" > are the point at which these domains would have to be squelched. In > theory registrars could do this, but some would have a financial > incentive not to. Also I don't believe registrars can update the roots > quickly enough to be effective (correct me if I'm wrong). > I think you really mean 'TLD' not 'root'... I think, from playing this game once or twice myself, the flow starts with the registrar to the registry (in your example estdomains is the registrar and Verisign is the registry). i think it pretty much stops there. i suppose you COULD get ICANN to spank someone, but that's going to take a LONG time to accomplish. (I think atleast) > Given the obvious differences between legitimate fast flux and the > pattern/domains in question it would seem to be a no-brainer, > technically at least. hrm... I don't think it's a technical stumbling block, though trying to pre-know who's bad and who's not might get you in trouble (say I register the domain lakjdauejalkasu91er.com and fast-flux it for my own 'good' use, how's that different from 'uzmores.com' ?). Anyway... I don't disagree that there ought to be a hammer here and it ought to be applied. I'm just not sure it's as simple as it appears at first blush.
|