[dns-operations] Against ghost domain name
paul vixie
paul at redbarn.org
Thu Feb 9 14:19:37 UTC 2012
On 2/9/2012 10:46 AM, Masato Minda wrote:
> I have some idea of workaround about ghost domain name.
>
> When the registry must revoke the domain name, it must not remove from
> the zone.
>
> 1. The registry makes the null name server of that domain name.
> 2. The registry changes the NS RR of that domain name. The NS RR points
> the null name server of above.
> 3. After TTL of both parent and child NS RR, the registry removes the
> domain name from zone.
> 4. The registry cancels the null name server.
>
> After that, there is no ghost domain name.
>
> Is this idea correct?
i don't think this is correct. if an iterative caching resolver
re-iterates through the registry's name servers then an NXDOMAIN would
stop the query. ghost domains work only when this re-iteration does not
occur due to caching of NS and related A/AAAA.
paul
More information about the dns-operations
mailing list