[dns-operations] Reporting glue as authoritive data -- Bug!
Edward Lewis
Ed.Lewis at neustar.biz
Thu Jan 31 16:02:11 UTC 2008
I don't follow this at all, but I encourage that you take this from
the mailing list and put it into a reviewed, archived, and
distributed document such as an RFC.
Are you saying that I could register "lurekiddies.example" with
"www.childporn.com" as a name server, resulting in my issuing answers
that have the address for www.childporn.com in the answer section?
Or that it would convince COM to have the glue?
example's servers wouldn't have the glue for www.childporn.com, so
hybrids wouldn't be sent, lame server answers would.
com wouldn't have that record unless there was a com delegation that
claiming www.childporn.com as a server. I assume (without knowledge)
that COM no longer allows/carries glue in undelegated space (there
was a time when). I don't know about policies regarding using names
in delegations.
I'm just writing trying to follow your point.
At 13:41 +0000 1/31/08, Paul Vixie wrote:
>"hybrid answer" is a term i'm choking on since i think these answers are
>obviously and indefensibly wrong. one of the many evils they let loose
>is for someone to set up a nameserver www.childporn.com, refer to it from
>one or more other domains, and get free dns service from the .COM servers
>for their illicit activities, using a domain name which can't be tracked
>or tapped by law enforcement, and which can't be shut off due to ICANN's
>policies. if no "hybrid" answers were forthcoming, then this trick would
>not work. note that the implications from dnssec on clarifying who owns
>what and who can answer for what are more compelling in my opinion, but,
>there is also some evil that's let loose by answering queries for NS RRs
>and A RRs that should properly be referred instead.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Think glocally. Act confused.
More information about the dns-operations
mailing list