nanog mailing list archives
Re: On-going Internet Emergency and Domain Names
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 31 Mar 2007 21:42:13 +0200
* Paul Vixie:
since malware isn't breaking dns, and since dns not a vector per se, the idea of changing dns in any way to try to control malware strikes me as a way to get dns to be broken in more places more often.
Well, once more people learn about DLV (especially the NS override extension that has been requested by zone operators), more and more questions will pop up why we can't do this for NS records they don't like for some reason. The genie is out of the bottle, I'm afraid.
in practical terms, and i've said this to you before, you'll get as much traction by getting people to switch from windows to linux as you'd get by trying to poison dns. that is, neither solution would be anything close to universal. that rules it out as an "alternative we can use today".
The legal details for operating and using a lookaside zone are rather interesting, which strongly suggests that this isn't a solution that can be rolled out in a reasonable time frame. On the more technical side, some very large operators have mostly out-sourced their DNS operation, so they can't easily deploy an upgrade from ISC even if it were available today.
at the other end, authority servers which means registries and registrars ought, as you've oft said, be more responsible about ripping down domains used by bad people. whether phish, malware, whatever. what we need is some kind of public shaming mechanism, a registrar wall of sheep if you will, to put some business pressure on the companies who enable this kind of evil.
I fear that many registrars make most of their money with trademark violations of their customers. If that is indeed true, showing any sign of responsibility could be suicidal.
Current thread:
- Re: On-going Internet Emergency and Domain Names, (continued)
- Re: On-going Internet Emergency and Domain Names Adrian Chadd (Mar 31)
- Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
- Re: On-going Internet Emergency and Domain Names Adrian Chadd (Mar 31)
- Re: On-going Internet Emergency and Domain Names Petri Helenius (Mar 31)
- Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
- RE: On-going Internet Emergency and Domain Names michael.dillon (Mar 31)
- Re: On-going Internet Emergency and Domain Names Hank Nussbacher (Mar 31)
- Re: On-going Internet Emergency and Domain Names Paul Vixie (Mar 31)
- Re: On-going Internet Emergency and Domain Names Roland Dobbins (Mar 31)
- Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
- Re: On-going Internet Emergency and Domain Names Florian Weimer (Mar 31)
- redirect (Re: On-going Internet Emergency and Domain Names ) Paul Vixie (Mar 31)
- Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
- Re: On-going Internet Emergency and Domain Names Paul Vixie (Mar 31)
- Re: On-going Internet Emergency and Domain Names Matt Ghali (Mar 31)
- Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
- Re: On-going Internet Emergency and Domain Names Jon R. Kibler (Mar 31)
- RE: On-going Internet Emergency and Domain Names william(at)elan.net (Mar 31)
- RE: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)