nanog mailing list archives
Re: Interesting new dns failures
From: Douglas Otis <dotis () mail-abuse org>
Date: Fri, 25 May 2007 01:54:49 -0700
On May 24, 2007, at 10:45 PM, John Levine wrote:
I ask you: What would you suggest? It's quite hard to craft technical solutions to policy failures.Since the registrar business has degenerated into a race to the bottom, I don't see anything better than setting a floor that is the minimal allowable bottom. Since ICANN has neither the inclination nor the competence to do that, and they have no control over ccTLDs anyway, that means (egad!) regulation.Yeah, I know the Internet is all over the world, but as a participant in the London Action Plan, an informal talking shop of the bits of governments that deal with online crime, spam, etc., I can report that pretty much all of the countries that matter realize there's a problem, and a lot of them have passed or will pass laws whether we like it or not. So it behooves us to engage them and help them pass better rather than worse laws.
Agreed, but adding a preview process doesn't cost much and would help establish stability. There are millions of domains churning every day. Just keeping track of which domains are new is costly. Once it becomes common place for providers to withhold DNS information of new domains, does it really make sense to permit domain records to change frequently and within milliseconds after some holding period? While provisions should be established for granting exceptions, requiring a 12 hour zone preview before going "live" should lead to significant reductions in the amount of criminal activity depending upon this insane agility that thwarts tracking and takedowns.
Allow security entities time to correlate upcoming domain changes, and this swamp will drain rapidly.
-Doug
Current thread:
- Re: Interesting new dns failures, (continued)
- Re: Interesting new dns failures Chris L. Morrow (May 22)
- Re: Interesting new dns failures Fergie (May 22)
- Re: Interesting new dns failures Fergie (May 24)
- Re: Interesting new dns failures Chris L. Morrow (May 24)
- Re: Interesting new dns failures Roger Marquis (May 24)
- Re: Interesting new dns failures John Levine (May 24)
- Re: Interesting new dns failures Per Heldal (May 25)
- Re: Interesting new dns failures Simon Waters (May 25)
- Re: Interesting new dns failures Chris L. Morrow (May 24)
- Re: Interesting new dns failures Fergie (May 24)
- Re: Interesting new dns failures John Levine (May 24)
- Re: Interesting new dns failures Douglas Otis (May 25)
- Re: Interesting new dns failures John Levine (May 24)
- Re: Interesting new dns failures Scott Weeks (May 25)
- Re: Interesting new dns failures Valdis . Kletnieks (May 25)
- Re: Interesting new dns failures Chris L. Morrow (May 25)
- Re: Interesting new dns failures Valdis . Kletnieks (May 25)
- Re: Interesting new dns failures Chris L. Morrow (May 25)
- Re: Interesting new dns failures John Levine (May 25)
- Re: Interesting new dns failures Valdis . Kletnieks (May 25)