RE: Kill Verisign Routes :: A Dynamic BGP solution

["David Schwartz" <davids () webmaster com>]

> I wanted to discuss the merits of the following:

> I have written a proof of concept solution to nuke a route to sitefinder.
> Code to those who care or to the list if anyone cares.  Perl is
> your friend
> :)

> Basic concept:  Use Net::BGP to set up a peering session with my route
> server.  Query DNS for *.com and *.net on x interval.  Then take
> the answers
> (if they are valid A records) and inject them into the route server (which
> in our case is used solely to feed a blackhole network to sink
> traffic from
> APNIC space, etc).

> If an address no longer appears in the DNS (i.e. the idiots
> switched hosts),
> withdraw the route.  If they set up multiple hosts, it will catch each one
> of them.  You can set the polling interval as you please.

> Thoughts?

        I think the whole idea of getting into an escalating technical war with
Verisign is extremely bad. Your suggestion only makes sense if you expect
Verisign to make changes to evade technical solutions. Each such change by
Verisign will cause more breakage. Verisign will either provide a way to
definitively, quickly, and easily tell that a domain is not registered or
Verisign will badly break COM and NET.

        DS