nanog mailing list archives
Re: fwd: Re: [registrars] Re: panix.com hijacked
From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Mon, 17 Jan 2005 13:08:50 -0500
In message <Pine.LNX.4.44.0501161225210.11207-100000 () sokol elan net>, "william( at)elan.net" writes:
> On Sun, 16 Jan 2005, Joe Maimon wrote:
>> Thus justifying those who load their NS and corresponding NS's A records with nice long TTL
>
> Although this wasn't a problem in this case (hijacker did not appear to have been interested in controlling dns since it points to default domain registration and under construction page), but long TTL trick could be used by hijackers - i.e. he gets some very popular domain, changes dns to the one he controls and purposely sets long TTL. Now even if registrars are able to act quickly and change registration back, those who cached new dns data would keep it for quite long in their cache.
Many versions of bind have a parameter that caps TTLs to some rational maximum value -- by default in bind9, 3 hours. Unfortunately, the documentation suggests that the purpose of the max-ncache-ttl parameter is to let you increase the cap, in order to improve performance and decrease network traffic.

The suggestion that someone made the other day -- that the TTL on zones be ramped up gradually by the registries after creation or transfer -- is, I think, a good one.

--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
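
The following is an added example, not part of the original message: a small model of the two mitigations discussed in this message, a resolver-side TTL cap and a registry-side TTL ramp after creation or transfer. It measures how long a cache keeps returning a hijacker's record after the registrar has reverted the change. The ramp schedule, the names and the timings are assumptions constructed for illustration; only the 3-hour cap figure comes from the message.

```python
HOUR, DAY = 3600, 86400

# Hypothetical registry ramp (constructed): (minimum delegation age, max TTL).
# Must be sorted by age; a transfer resets the age to zero.
RAMP = [(0, HOUR), (7 * DAY, 6 * HOUR), (30 * DAY, DAY)]

def ramp_limit(age, schedule=RAMP):
    """Largest TTL the registry publishes for a delegation `age` seconds
    after creation or transfer (models the registry-published TTL only)."""
    return [ttl for min_age, ttl in schedule if age >= min_age][-1]

class CappingCache:
    """Resolver cache that clamps every TTL to `cap` seconds (None = no cap)."""
    def __init__(self, cap=None):
        self.cap = cap
        self.entries = {}

    def store(self, name, rdata, ttl, now):
        if self.cap is not None:
            ttl = min(ttl, self.cap)
        self.entries[name] = (rdata, now + ttl)

    def lookup(self, name, now):
        rdata, expires = self.entries.get(name, (None, 0))
        return rdata if now < expires else None

def stale_window(ttl, cap, cached_at, reverted_at, step=60):
    """Seconds after the registrar's revert during which the cache still
    answers with the record it stored at `cached_at`."""
    cache = CappingCache(cap)
    cache.store("example.test", "hijacker-ns", ttl, cached_at)
    t = reverted_at
    while cache.lookup("example.test", t) is not None:
        t += step
    return t - reverted_at

if __name__ == "__main__":
    # Constructed timeline: transfer at t=0, revert after 2 days,
    # resolver cached the bad record 30 minutes before the revert.
    revert, cached = 2 * DAY, 2 * DAY - 1800
    week = 7 * DAY
    print("no cap:       ", stale_window(week, None, cached, revert))
    print("3 hour cap:   ", stale_window(week, 3 * HOUR, cached, revert))
    ramped = min(week, ramp_limit(cached))
    print("registry ramp:", stale_window(ramped, None, cached, revert))
```
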