On-going Internet Emergency and Domain Names

Douglas Otis dotis at mail-abuse.org
Mon Apr 2 01:42:58 UTC 2007


On Mon, 2007-04-02 at 12:03 +1200, Simon Lyall wrote:

> So assuming you get rid of tasting and reduce the flow of new names to
> say 50,000 per day [1] exactly how are you going to preview these in any
> meaningful sort of way?

A preview would not directly reduce a churn rate, although it might as a
side effect.  Computers are able to correlate even with millions of
domains per day.  

> Are you going to do the same for every ccTLD as well?

Consistent rules should be established for ccTLD as well, however each
ccTLD may wish to limit preview access differently. 

> What about domains with constantly changing subdomains? Everything
> hosted in different countries with different languages, policies and
> privacy laws? Believe it or not, some countries don't even have
> "states" or 5 digit zip codes.

Information collected can be pushed to the edge to protect against
domains controlled by bad actors.  A domain should be cautious about
delegating to bad actors.

> Please detail exactly what you will do if I register "trademe.ir" using
> a Pakistani Registrar, a .ly contact email, a physical address in Nigeria,
> the name "Tarek Rasshid" [2] , $10/year name servers in Cuba and pay for
> using Visa gift credit card bought in Malaysia.

This is not about modifying the function of registrars or registries,
beyond requiring a zone preview from registries.  This is about
identifying threats, even zero day threats, and offering protection.
The protection afforded can be fairly comprehensive, although nothing is
100%.

-Doug






More information about the NANOG mailing list