laissez-faire DNS

jnull jnull at truerouting.com
Sat Aug 10 08:03:07 UTC 2002


<all the standard disclaimers>

Those whom I'm speaking to know the security and routing vulnerabilities
associated with name resolution.
(others, some background:
http://citeseer.nj.nec.com/schuba93addressing.html ,
http://citeseer.nj.nec.com/lioy00dns.html)

Anyway, I wish I were providing solutions or even offering new
information. Instead, I'm looking for some insight. It has come to my
attention that some ISPs and most web-hosting companies I've researched
allow their customers to freely configure their forward and reverse DNS
through some sort of interface or ticket submission, neither of which
goes through any sort of validation. This not only poses a serious
security risk to their customers, but to any domain one of their
customers chooses to hijack. The argument of these companies is "there
is no real validation process available", that "registrars list
disclaimers with their whois information [that it may not be valid]" and
"the hundreds of changes and discrepancies reported [each month] would
cost too much administratively". 

While I see the validity in their arguments, I cannot help but
shudder at the possible repercussions of giving in to such obstacles. Is
it so impossible to implement an authentication process that could be
script automated--at least weeding out all but the most dedicated
poisoner? I've toyed around with a couple of solutions; I would like some
input from "the inspired" before I attempt to publish anything.

(And, props to Vixie for his continuous work on BIND and those
engineers collaborating on DNSSEC)

j
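As an added illustration, not part of the post above and not code from any ISP or hosting company mentioned in it, here is one shape a script-automated gate for customer reverse-DNS changes could take. Before a requested PTR record is published, it checks two things a ticket interface would otherwise skip: that the address actually sits inside the requesting account's allocation, and that the target hostname already resolves forward to that address (forward-confirmed reverse DNS). The account names, prefix table and forward-record snapshot are constructed sample data, and in a real deployment the forward lookup would be a live query against the name's authoritative servers rather than a dictionary.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample data (assumption, not from the original post):
# which prefixes each hosting account has been allocated.
CUSTOMER_ALLOCATIONS: Dict[str, List[ipaddress.IPv4Network]] = {
    "acct-1001": [ipaddress.ip_network("192.0.2.0/28")],
    "acct-1002": [ipaddress.ip_network("198.51.100.64/26")],
}

# Constructed snapshot of forward (A) records as the authoritative servers
# publish them; in production this is a live DNS query, not a table.
FORWARD_RECORDS: Dict[str, List[str]] = {
    "www.example-customer.net.": ["192.0.2.5"],
    "mail.example-customer.net.": ["192.0.2.6", "192.0.2.7"],
    "www.someone-else.org.": ["203.0.113.10"],
}


def reverse_name(ip: str) -> str:
    """Owner name of the PTR record for an address, e.g. 5.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def validate_ptr_request(account: str, ip: str, target_name: str) -> Tuple[bool, str]:
    """Decide whether a customer's PTR request may be published automatically.

    Returns (accepted, reason). Anything rejected here is not published; it
    can still be routed to a human if the customer insists.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False, "invalid-ip"

    # 1. The address must belong to the account making the request; otherwise
    #    a customer could attach arbitrary names to someone else's space.
    if not any(addr in net for net in CUSTOMER_ALLOCATIONS.get(account, [])):
        return False, "ip-not-in-allocation"

    # 2. Forward confirmation: the name the PTR will point at must already map
    #    to this address in its own (forward) zone. A customer cannot make
    #    their address claim to be a host in a domain whose zone they do not
    #    control, because that zone will not resolve the name to their IP.
    name = target_name.lower()
    if not name.endswith("."):
        name += "."
    addresses = FORWARD_RECORDS.get(name)
    if addresses is None:
        return False, "forward-name-does-not-resolve"
    if str(addr) not in addresses:
        return False, "forward-mismatch"

    return True, "ok"


def triage_requests(requests: List[Tuple[str, str, str]]) -> Dict[str, List[Tuple[str, str, str, str]]]:
    """Split a batch of (account, ip, target_name) tickets into auto-accepted
    changes and rejected ones, each tagged with the reason, for the operator's log."""
    result: Dict[str, List[Tuple[str, str, str, str]]] = {"accepted": [], "rejected": []}
    for account, ip, target in requests:
        ok, reason = validate_ptr_request(account, ip, target)
        bucket = "accepted" if ok else "rejected"
        result[bucket].append((account, ip, target, reason))
    return result


if __name__ == "__main__":
    # Constructed batch of tickets: one legitimate, three that should be refused.
    sample = [
        ("acct-1001", "192.0.2.5", "www.example-customer.net"),
        ("acct-1001", "192.0.2.5", "www.someone-else.org"),
        ("acct-1001", "198.51.100.70", "www.example-customer.net"),
        ("acct-1002", "198.51.100.70", "nonexistent.example"),
    ]
    for bucket, items in triage_requests(sample).items():
        for account, ip, target, reason in items:
            print(f"{bucket:8} {reverse_name(ip):28} -> {target:28} [{reason}]")
```

The forward-confirmation step is what weeds out the casual poisoner: it costs the operator one DNS query per ticket, needs no registrar data or WHOIS contact, and refuses every PTR that names a host the customer's address is not already known by. It does not stop a customer from naming their own domain however they like, which is the property it is meant to preserve; the remaining exposure is a requester who controls the forward zone, and that is where the DNSSEC work the post mentions picks up.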

More information about the NANOG mailing list