[dns-operations] whois location standard

Jeroen Massar jeroen at unfix.org
Tue Aug 26 09:33:20 UTC 2008


Calvin Browne wrote:
> On Tue, 2008-08-26 at 11:12 +0200, Florian Weimer wrote:
>> * Calvin Browne:
>>
>>> You operate a zone - and want to publish the location of the whois
>>> service for that zone. You simply publish a SRV record, and now people
>>> know where to find whois information for that zone.
>>> Or aa.xx can subvert xx by publishing a different location for xx ?
>> aa.xx can subvert the xx WHOIS service, as perceived by the end user,
>> by claiming to run its own WHOIS service and serve bad or misleading
>> data for aa.xx.
>>
> 
> So, it can only publish bad information for itself....
> 
> I can't see how this is a problem?

Well, maybe because one can return showing up as a different party, or
hide your information etc etc etc.

Simple conclusion: the bottom-up model is broken because of the above
problem (which I also mentioned in my other mail). The only way to do
this properly is to use the up-bottom model, thus try to query as close
to the root as possible, as that delegation is authoritative.

If then a whois server allows sub-domains to have their own whois
servers it can always note in the whois entry 'query <x> for more
details' or something similar.

Greets,
 Jeroen
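
Added example, not part of the original message: a small simulation of the two discovery orders discussed above, plus the parent-recorded referral ('query <x> for more details'). The "_whois._tcp" owner name, the hostnames and the referral table are assumptions constructed for illustration; the thread only says "a SRV record".

```python
# Constructed sample data: owner name -> WHOIS server published via SRV.
# The "_whois._tcp" label and all hostnames are assumptions for illustration.
SRV = {
    "_whois._tcp.xx": "whois.registry.xx",   # published by the xx registry
    "_whois._tcp.aa.xx": "whois.aa.xx",      # published by the aa.xx holder
}

# Constructed referral data held by the parent's WHOIS service:
# (parent server, delegated name) -> server the parent points to.
REFERRALS = {("whois.registry.xx", "aa.xx"): "whois.aa.xx"}


def candidate_zones(name):
    """Return the enclosing zones of `name`, most specific first."""
    labels = name.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def discover(name, top_down):
    """Return (zone, server) for the first zone publishing a WHOIS SRV record."""
    zones = candidate_zones(name)
    if top_down:
        zones.reverse()  # start as close to the root as possible
    for zone in zones:
        server = SRV.get("_whois._tcp." + zone)
        if server:
            return zone, server
    return None


def lookup(name):
    """Top-down discovery, then follow a referral only if the parent recorded one."""
    found = discover(name, top_down=True)
    if found is None:
        return []
    _zone, server = found
    chain = [server]
    for sub in candidate_zones(name):
        referred = REFERRALS.get((server, sub))
        if referred:
            chain.append(referred)  # the parent chose to delegate WHOIS here
            break
    return chain


if __name__ == "__main__":
    print("bottom-up:", discover("www.aa.xx", top_down=False))
    print("top-down :", discover("www.aa.xx", top_down=True))
    print("chain    :", lookup("www.aa.xx"))
```

With bottom-up discovery the first answer for www.aa.xx comes from the server aa.xx named itself; with top-down discovery the client reaches the sub-domain's server only through the parent's entry.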
