domain hijacking - what do you do to prepared?

Lou Katz lou at
Mon Jan 17 04:18:20 UTC 2005

On Sun, Jan 16, 2005 at 09:57:08PM +0000, Eric Brunner-Williams in Portland Maine wrote:
> Gadi,
> > The question that comes to mind is - what do you do to be prepared?
> Well, for a start you can put a comment into the ICANN comments on
> the new xfr policy. I did earler today. Next, you can, as some today
> did, decide that cache trumps authority under some conditions, and
> ensure that cache is controlling when some conditions exist.
> There are so many structural things wrong with the mechanisms this is
> about like asking how to write cat in perl.
> > I suppose that other than setting registrar lock in place, there is 
> > another thing one can do.

As soon as I saw the new transfer policy, as an OpenSRS reseller, I locked
ALL the domains registered through me. I assumed (apparently incorrectly)
that most resellers did the same. But, being a very leaf node, I do
know ALL my customers, and they all agreed with my LOCK maneuver.

> In terms of mechanism, this just undoes the latest change in xfr
> policy in the ICANN gTLD market. Instead of opt-in-after-nack-delay
> you go back to opt-out-after-nack-delay. It is a rational choice,
> but since it is, you (plural) know that your interests were not the
> controling ones when the policy change was debated.


> There are edge-case registrants who are benefited by opt-in, but if
> most of you (plural) opt-out, then the change in policy that affects
> registrants, must either be an error, or benefit some parties other

Ahh - who?


More information about the NANOG mailing list