[dns-operations] Reporting glue as authoritative data -- Bug!

Edward Lewis Ed.Lewis at neustar.biz
Thu Jan 31 16:02:11 UTC 2008


I don't follow this at all, but I encourage you to take this from 
the mailing list and put it into a reviewed, archived, and 
distributed document such as an RFC.

Are you saying that I could register "lurekiddies.example" with 
"www.childporn.com" as a name server, resulting in my issuing answers 
that have the address for www.childporn.com in the answer section? 
Or that it would convince COM to have the glue?

example's servers wouldn't have the glue for www.childporn.com, so 
hybrids wouldn't be sent, lame server answers would.

com wouldn't have that record unless there was a com delegation 
claiming www.childporn.com as a server.  I assume (without knowledge) 
that COM no longer allows/carries glue in undelegated space (there 
was a time when).  I don't know about policies regarding using names 
in delegations.

I'm just writing trying to follow your point.

At 13:41 +0000 1/31/08, Paul Vixie wrote:
>"hybrid answer" is a term i'm choking on since i think these answers are
>obviously and indefensibly wrong.  one of the many evils they let loose
>is for someone to set up a nameserver www.childporn.com, refer to it from
>one or more other domains, and get free dns service from the .COM servers
>for their illicit activities, using a domain name which can't be tracked
>or tapped by law enforcement, and which can't be shut off due to ICANN's
>policies.  if no "hybrid" answers were forthcoming, then this trick would
>not work.  note that the implications from dnssec on clarifying who owns
>what and who can answer for what are more compelling in my opinion, but,
>there is also some evil that's let loose by answering queries for NS RRs
>and A RRs that should properly be referred instead.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Think glocally.  Act confused.
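
The distinction the thread turns on, a delegating server answering a query "that should properly be referred instead", can be checked on the wire. The following is an added example, not code from either poster: it parses a raw DNS response and reports whether the server referred or answered. It assumes the caller queried the delegating zone's server for a name known to sit at or below a zone cut; `child.example`, `ns1.child.example` and 192.0.2.53 are constructed sample values.

```python
import struct

A, NS, AA_BIT = 1, 2, 0x0400  # RR types and the header AA flag

def enc_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def rr(name, rtype, rdata):
    return enc_name(name) + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata

def build(flags, qname, an=(), ns=(), ar=()):
    """Assemble a constructed response (uncompressed names) for the demo."""
    hdr = struct.pack("!6H", 0x1234, 0x8000 | flags, 1, len(an), len(ns), len(ar))
    return hdr + enc_name(qname) + struct.pack("!HH", A, 1) + b"".join(an + ns + ar)

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def classify(msg):
    """Classify a delegating server's reply for a name at or below a zone cut."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg)
    off, types = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        types.append(rtype)
    answer, authority = types[:an], types[an:an + ns]
    if an == 0 and NS in authority and not flags & AA_BIT:
        return "referral"
    if A in answer:
        return "answered-from-glue, AA set" if flags & AA_BIT else "answered-from-glue"
    return "other"

# Constructed sample data: child.example delegated to ns1.child.example.
GLUE = rr("ns1.child.example", A, bytes([192, 0, 2, 53]))
DELEG = rr("child.example", NS, enc_name("ns1.child.example"))
REFERRAL = build(0, "ns1.child.example", ns=(DELEG,), ar=(GLUE,))
ANSWERED = build(AA_BIT, "ns1.child.example", an=(GLUE,), ns=(DELEG,))
```

`classify(REFERRAL)` reports a referral (empty answer section, NS in authority, AA clear), while `classify(ANSWERED)` flags the same glue record returned in the answer section with AA set.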


