nanog mailing list archives

RE: summarising [was: Re: ICANNs role]


From: <michael.dillon () bt com>
Date: Wed, 4 Apr 2007 16:57:25 +0100


If you're going to do any vetting, the time to do it is at registration,
not at crunch time.

The bulk of the discussion over the past few days was directed at the
practice of rapid updates of BRAND NEW DOMAIN NAMES. Clearly this is
entirely separate from the issue of updating information for an
established domain name.

Designing a system which doesn't allow for some level of anonymity (let's
say for whistleblower/bloggers) requires some serious debate that goes
far beyond "what are the security implications."

That is really a separate issue. This discussion is about limiting the
damage caused by domains which do rapid NS switching. If we know which
domains are new, DNS operators could put them on probation and only
allow a minimum TTL of 1 day on those names. The domain owner can still
switch NSes but the queries won't chase him, therefore he will sell less
product and quickly stop doing NS switching. If he's not NS switching
then it is easier to track him down, blackhole him, filter him,
whatever.

--Michael Dillon
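
The probation policy proposed in the message above, sketched as an added example (not part of the original post and not any resolver's actual code): a caching resolver applies a 1-day TTL floor to names younger than a probation window, so a delegation that rotates every few minutes is seen only once per day. The 30-day window, the registration-age feed, and all class, function and domain names are assumptions made for illustration.

```python
from dataclasses import dataclass

PROBATION_DAYS = 30        # assumption: how long a name counts as "new"
PROBATION_MIN_TTL = 86400  # the 1-day floor proposed in the message


@dataclass
class CachedNS:
    nameservers: tuple
    expires_at: int


class ProbationCache:
    """NS cache that enforces a TTL floor on recently registered domains."""

    def __init__(self, registration_age_days):
        # domain -> age in days; a constructed stand-in for a registry feed
        self.age = registration_age_days
        self.cache = {}

    def effective_ttl(self, domain, ttl):
        age = self.age.get(domain)
        if age is not None and age < PROBATION_DAYS:
            return max(ttl, PROBATION_MIN_TTL)  # never shorten a longer TTL
        return ttl  # established or unknown names keep the published TTL

    def resolve_ns(self, domain, now, authoritative):
        entry = self.cache.get(domain)
        if entry and now < entry.expires_at:
            return entry.nameservers  # cached answer: the switch is not followed
        ns, ttl = authoritative(domain, now)
        self.cache[domain] = CachedNS(ns, now + self.effective_ttl(domain, ttl))
        return ns


def rotating_delegation(domain, now):
    # Constructed behaviour: the NS set changes every 5 minutes, TTL 300 s.
    return (f"ns{now // 300}.example.net",), 300


def distinct_ns_sets(cache, domain, duration=86400, step=600):
    """Count the NS sets a client sees when querying every `step` seconds."""
    return len({cache.resolve_ns(domain, t, rotating_delegation)
                for t in range(0, duration, step)})


if __name__ == "__main__":
    cache = ProbationCache({"new.example": 2, "old.example": 400})
    for name in ("new.example", "old.example"):
        print(name, distinct_ns_sets(cache, name))
```

Over one simulated day the probationary name resolves to a single NS set, while the same rotation on an established name is followed at every query.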

