nanog mailing list archives
Re: Interesting new dns failures
From: bmanning () karoshi com
Date: Mon, 21 May 2007 10:38:56 +0000
On Sun, May 20, 2007 at 10:19:30PM -0700, Roger Marquis wrote:
All the same, it would seem to be an easy and cheap abuse to address, at the gtlds. Why are these obvious trojans are being propagated by the root servers anyhow?the root servers are responsible how exactly for the fast-flux issues? Also, there might be some legittimate business that uses something like the FF techniques... but, uhm... how are the root servers involved again?Nobody's saying that the root servers are responsible, only that they are the point at which these domains would have to be squelched. In theory registrars could do this, but some would have a financial incentive not to. Also I don't believe registrars can update the roots quickly enough to be effective (correct me if I'm wrong).
ok... so you suggest that the roots squelch these domains? i check the contents of the root zone and find that the closest the roots come to being able to squelch these zones is to remove .com from the zone (since these other entries are not in the root but in the com zone). if you can get concensus to remove .com, i'm sure the roots would be willing to help out. --bill
Given the obvious differences between legitimate fast flux and the pattern/domains in question it would seem to be a no-brainer, technically at least. -- Roger Marquis Roble Systems Consulting http://www.roble.com/
Current thread:
- Interesting new dns failures Roger Marquis (May 20)
- Re: Interesting new dns failures Roger Marquis (May 20)
- Re: Interesting new dns failures Chris L. Morrow (May 20)
- Re: Interesting new dns failures Roger Marquis (May 20)
- Re: Interesting new dns failures Chris L. Morrow (May 20)
- Re: Interesting new dns failures Valdis . Kletnieks (May 21)
- Re: Interesting new dns failures bmanning (May 21)
- Message not available
- Re: Interesting new dns failures Valdis . Kletnieks (May 21)
- Re: Interesting new dns failures Chris L. Morrow (May 21)
- RE: Interesting new dns failures michael.dillon (May 21)
- RE: Interesting new dns failures Chris L. Morrow (May 21)
- Re: Interesting new dns failures Joe Provo (May 22)
- RE: Interesting new dns failures michael.dillon (May 22)
- Re: Interesting new dns failures Valdis . Kletnieks (May 22)
- Re: Interesting new dns failures Will Hargrave (May 25)
- Re: Interesting new dns failures Chris L. Morrow (May 25)
- Re: Interesting new dns failures Chris L. Morrow (May 20)
- Re: Interesting new dns failures Roger Marquis (May 20)
- Re: Interesting new dns failures Tim Franklin (May 21)