[dns-operations] whois location standard

Ondřej Surý ondrej.sury at nic.cz
Tue Aug 26 10:09:22 UTC 2008


2008/8/26 Jeroen Massar <jeroen at unfix.org>:
> Calvin Browne wrote:
>> On Tue, 2008-08-26 at 11:12 +0200, Florian Weimer wrote:
>>> * Calvin Browne:
>>>
>>>> You operate a zone - and want to publish the location of the whois
>>>> service for that zone. You simply publish a SRV record, and now people
>>>> know where to find whois information for that zone.
>>>> Or aa.xx can subvert xx by publishing a different location for xx ?
>>> aa.xx can subvert the xx WHOIS service, as perceived by the end user,
>>> by claiming to run its own WHOIS service and serve bad or misleading
>>> data for aa.xx.
>>>
>>
>> So, it can only publish bad information for itself....
>>
>> I can't see how this is a problem?
>
> Well, maybe because one can return showing up as a different party, or
> hide your information etc etc etc.
>
> Simple conclusion: the bottom-up model is broken because of the above
> problem (which I also mentioned in my other mail). The only way to do
> this properly is to use the up-bottom model, thus try to query closest
> to the root as possible, as that delegation is authoritative.

I don't see that as a big problem.  You just need to define that for n-th
level domain whois client has to ask n-1-th whois server, ie.:

'whois www.nic.cz' asks for _nicname._tcp.nic.cz and falls back to
_nicname._tcp.cz

and

'whois nic.cz' asks for _nicname._tcp.cz

Or just can go bottom-up, ie.: whois www.nic.cz asks:

1) _nicname._tcp. - if exists, ask it and show result and go to 2)
                  - if you have hard coded address, ask, show, go to 2)
                  - if it doesn't exists, go to 2)
2) _nicname._tcp.cz. - if exists, ask it and show result and go to 3)
                     - if you have hard coded address, ask, show, go to 3)
                     - if it doesn't exists, go to 3)
3) ...add as many iterations as you want

Ondrej.
-- 
 Ondřej Surý
 technický ředitel/Chief Technical Officer
 -----------------------------------------
 CZ.NIC, z.s.p.o. -- .cz domain registry
 Americká 23,120 00 Praha 2,Czech Republic
 mailto:ondrej.sury at nic.cz http://nic.cz/
 sip:ondrej.sury at nic.cz tel:+420.222745110
 mob:+420.739013699 fax:+420.222745112
 -----------------------------------------


More information about the dns-operations mailing list