Interesting new dns failures
Chris L. Morrow
christopher.morrow at verizonbusiness.com
Mon May 21 05:34:02 UTC 2007
On Sun, 20 May 2007, Roger Marquis wrote:
> >> All the same, it would seem to be an easy and cheap abuse to address,
> >> at the gtlds. Why are these obvious trojans are being propagated by
> >> the root servers anyhow?
> > the root servers are responsible how exactly for the fast-flux issues?
> > Also, there might be some legitimate business that uses something like
> > the FF techniques... but, uhm... how are the root servers involved again?
> Nobody's saying that the root servers are responsible, only that they
but you said it:
"at the gtlds. Why are these obvious trojans are being propagated by
the root servers anyhow?"
> are the point at which these domains would have to be squelched. In
> theory registrars could do this, but some would have a financial
> incentive not to. Also I don't believe registrars can update the roots
> quickly enough to be effective (correct me if I'm wrong).
I think you really mean 'TLD' not 'root'... I think, from playing this
game once or twice myself, the flow starts with the registrar to the
registry (in your example estdomains is the registrar and Verisign is the
registry). I think it pretty much stops there. I suppose you COULD get
ICANN to spank someone, but that's going to take a LONG time to
accomplish. (I think at least)
> Given the obvious differences between legitimate fast flux and the
> pattern/domains in question it would seem to be a no-brainer,
> technically at least.
hrm... I don't think it's a technical stumbling block, though trying to
pre-know who's bad and who's not might get you in trouble (say I register
the domain lakjdauejalkasu91er.com and fast-flux it for my own 'good' use,
how's that different from 'uzmores.com' ?).
Anyway... I don't disagree that there ought to be a hammer here and it
ought to be applied. I'm just not sure it's as simple as it appears at