[dns-operations] Reporting glue as authoritive data -- Bug!
jabley at ca.afilias.info
Thu Jan 31 16:19:44 UTC 2008
On 31-Jan-2008, at 11:02, Edward Lewis wrote:
> I don't follow this at all, but I encourage that you take this from
> the mailing list and put it into a reviewed, archived, and
> distributed document such as an RFC.
> Are you saying that I could register "lurekiddies.example" with
> "www.childporn.com" as a name server, resulting in my issuing answers
> that have the address for www.childporn.com in the answer section?
> Or that it would convince COM to have the glue?
I think I understand what Paul is speculating about, but I have a
couple of doubts as to whether it would work. Suppose, for example,
the idea is:
1. Register childporn.com
2. Register a www.childporn.com host record (with an address, since
it's subordinate to a com domain)
3. Register one or more other non-offensive domains with www.childporn.com
as a nameserver. Possibly these domains would need to be named
under .com or .net (don't know; haven't tried)
4. Allow childporn.com to lapse (i.e. don't renew it -- let it expire)
I can see how it might appear that this would cause childporn.com to
disappear as a domain, while the host record would persist for ever
with no published contacts and no clear way to remove it. However, I'm
not sure that's the case, since:
(a) host records have contact data associated with them
(b) in the example above, childporn.com would not actually expire
(since the host record dependency exists) -- the sponsoring registrar
would continue to be billed for it, and from the point of view of the
registry it would still be a legitimate, registered domain.
Perhaps someone should try this general approach and see what happens.
I've had this kind of idea explained to me in the context of some evil-
doer trying to game a registry into incurring registry fees for large
numbers of domains without a corresponding revenue stream from
registrants, which it seems to me would probably work. But I'm not
sure that it's a mechanism to insert zombie A records into a TLD.
More information about the dns-operations