nanog mailing list archives
Re: Interesting new dns failures
From: David Ulevitch <davidu () everydns net>
Date: Thu, 24 May 2007 00:01:03 -0700
Douglas Otis wrote:
> On May 22, 2007, at 2:16 PM, Gadi Evron wrote:
> On Tue, 22 May 2007, David Ulevitch wrote:
> These questions, and more (but I'm biased to DNS), can be solved at the edge for those who want them. It's decentralized there. It's done the right way there. It's also doable in a safe and fail-open kind of way.
>
> This is what I'm talking about.
>
> Agreed.
>
> Gadi,
>
> What is the downside of a "preview" of zones being published by a TLD? Previews could be on a 12 or 24 hour cycle. This would enable defenses at the edge by disabling fast-flux outright. There could be exceptions, of course. When millions of domains are in rapid flux daily, few protective schemes are able to sustain or afford the dispersion of raw threat information. In addition, these raw updates arrive too late at that. A "preview" would not change how the core works, only how fast changes occur, while also dramatically reducing the amount of data required for comprehensive protections at the edge.

Lots of people already track newly added domains. Rick Wesson runs a feed called Day old bread that is just such a feed.

> This would be a policy change at the core that enables defenses at the edge.

Again, good idea, but doesn't belong in the core. If I register a domain, it should be live immediately, not after some 5 day waiting period. On the same token, if you want to track new domains and not accept any email from me until my domain is 5 days old, go for it. Your prerogative.

-david

> -Doug
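
The edge policy discussed in this message (hold mail from domains younger than five days, and fail open when the data is missing), as an added example that is not part of the original post. The feed layout, the 24-hour staleness limit, the function names and every domain name below are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MIN_AGE = timedelta(days=5)         # the "5 days old" threshold from the message
MAX_FEED_AGE = timedelta(hours=24)  # assumption: an older feed is treated as unusable

def registered_domain(host):
    """Naive last-two-labels reduction; real deployments need the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def decide(sender, feed, feed_updated, now):
    """Return (verdict, reason) for an envelope sender address.

    feed maps registered domain -> first-seen time (hypothetical format);
    feed_updated is the last refresh time, or None if the feed never loaded.
    """
    # Fail open: a missing or stale feed must never block mail.
    if feed is None or feed_updated is None or now - feed_updated > MAX_FEED_AGE:
        return ("accept", "feed unavailable or stale, failing open")
    domain = registered_domain(sender.rpartition("@")[2])
    first_seen = feed.get(domain)
    if first_seen is None:
        return ("accept", "domain not in new-registration feed")
    age = now - first_seen
    if age < MIN_AGE:
        # Temporary failure: a legitimate sender retries after the domain has aged.
        return ("defer", f"{domain} first seen {age.days}d ago, under {MIN_AGE.days}d")
    return ("accept", f"{domain} is {age.days}d old")

# Constructed sample data (not taken from any real feed).
NOW = datetime(2007, 5, 24, 7, 0, tzinfo=timezone.utc)
FEED = {
    "fresh-example.test": NOW - timedelta(days=1),
    "aged-example.test": NOW - timedelta(days=9),
}

if __name__ == "__main__":
    fresh_feed = NOW - timedelta(hours=2)
    for sender in ("a@mail.fresh-example.test", "b@aged-example.test", "c@old.example"):
        print(sender, decide(sender, FEED, fresh_feed, NOW))
    print("stale feed:", decide("a@fresh-example.test", FEED, NOW - timedelta(days=3), NOW))
```

A `defer` verdict maps to an SMTP temporary failure, so the decision stays local to the receiving site and the registration itself is live immediately.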