Reality Check

Scott Francis scott at virtualis.com
Thu Mar 15 23:07:30 UTC 2001 

On Thu, Mar 15, 2001 at 01:10:31PM -0800, Patrick Greenwell had this to say:
> > > Spelling out the obvious: let's say that VBCnet started referring 
> > > our customers to the wrong name server to resolve names in .COM.
> > > How many minutes would it be before the phones began ringing off 
> > > the hook?  I can assure you that we would fix it really fast, and
> > > take steps to make sure that we didn't screw up again.
> > 
> > problem arises when individuals or organizations _purposefully_ subvert
> > nameserver resolution. 
> 
> If you own your network and are free to direct packets where you would
> like them to go, rather it be to the DoC rootservers, the ORSC root
> servers, or to blackhole new.net servers, how is it possible to
> "subvert" nameserver resolution?

The same way people have learned to make sure that a search for "Anna
Kournikova" (for instance) returns, say, 200 records that are sites/pages
that have nothing whatever to do with Anna Kournikova, and a whole LOT to do
with bringing in cash to the sites in question.

If there is money to be made (which there is), people will ALWAYS find a way to
exploit inconsistencies in the system, unless it is NOT ALLOWED. See my reply
to Jim Dixon - if a query for domain.xxx returns one site in one root zone, and
another site in another zone, either site is likely to sue the alternate zone
operator and/or the other site for infringement, improper business practice or
whatever they can manage in order to get the hits going to the other site.

Sad as it may be, there will always be a contingent of folks that look to their
lawyer as a tool to steal things from others. If we allow a loophole, it _will_
be exploited. Solution: do not allow inconsistencies in the root, and multiple
roots will always allow for inconsistencies.

-- 
Scott Francis           scott@   [work:] v i r t u a l i s . c o m
Systems Analyst     darkuncle@   [home:] d a r k u n c l e . n e t
PGP fingerprint 7ABF E2E9 CD54 A1A8 804D  179A 8802 0FBA CB33 CCA7             
               illum oportet crescere me autem minui

More information about the NANOG mailing list