[dns-operations] DNS namespace collisions and "controlled interruption"
bortzmeyer at nic.fr
Fri Jan 10 11:28:03 UTC 2014
On Wed, Jan 08, 2014 at 08:51:00PM +0000,
Jeff Schmidt <jschmidt at jasadvisors.com> wrote
a message of 110 lines which said:
> Please look here:
> Will serving localhost IPs cause the kind of visibility required to
> inspire action?
I suspect that, in many cases, the leak comes from systems which are
not under the direct control of the system administrator.
1) Jane Sysadmin, who works for Acme Corp, decides (wrongly) to use
.HOME for the local pseudo-TLD of Acme
2) Employees of Acme Corp store bookmarks in their Web browser, some
bookmarks include ".home/", for instance http://corpinfo.home/
3) Joe Employee goes back home with his laptop or pad and selects the
wrong bookmark. Bang! A DNS request for corpinfo.home is done (and
elicits a 127.0.53.53 response to poor Joe). But Jane Sysadmin
will never see it or hear about it. Even the NSA, monitoring the root
name servers, will not know that it is related to Acme.
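
An added example, not part of the original message: one way an administrator could look for the 127.0.53.53 answer in resolver logs that she does control. The log lines are constructed and assume dnsmasq-style query logging; `find_collisions` and the sample addresses are hypothetical names and values chosen for illustration.

```python
import re
from collections import defaultdict

# Answer address named in the message as the controlled-interruption response.
COLLISION_ADDR = "127.0.53.53"

# Constructed sample, in the style of dnsmasq query logging (assumed format).
SAMPLE_LOG = """\
Jan 10 09:14:01 dnsmasq[811]: query[A] corpinfo.home from 192.168.1.23
Jan 10 09:14:01 dnsmasq[811]: forwarded corpinfo.home to 192.0.2.53
Jan 10 09:14:01 dnsmasq[811]: reply corpinfo.home is 127.0.53.53
Jan 10 09:15:12 dnsmasq[811]: query[A] www.example.org from 192.168.1.40
Jan 10 09:15:12 dnsmasq[811]: reply www.example.org is 192.0.2.10
Jan 10 09:16:30 dnsmasq[811]: query[A] wiki.home from 192.168.1.40
Jan 10 09:16:30 dnsmasq[811]: reply wiki.home is 127.0.53.53
Jan 10 09:17:02 dnsmasq[811]: query[A] corpinfo.home from 192.168.1.40
Jan 10 09:17:02 dnsmasq[811]: reply corpinfo.home is 127.0.53.53
"""

QUERY_RE = re.compile(r"query\[\w+\] (\S+) from (\S+)")
REPLY_RE = re.compile(r"reply (\S+) is (\S+)")


def find_collisions(log_text):
    """Return {tld: {qname: set(client_ips)}} for names answered with COLLISION_ADDR."""
    askers = defaultdict(set)   # qname -> clients that asked for it
    colliding = set()           # qnames that received the collision answer
    for line in log_text.splitlines():
        q = QUERY_RE.search(line)
        if q:
            askers[q.group(1).lower().rstrip(".")].add(q.group(2))
            continue
        r = REPLY_RE.search(line)
        if r and r.group(2) == COLLISION_ADDR:
            colliding.add(r.group(1).lower().rstrip("."))
    report = defaultdict(dict)
    for name in sorted(colliding):
        tld = name.rsplit(".", 1)[-1]   # group by the leaking pseudo-TLD
        report[tld][name] = askers.get(name, set())
    return dict(report)


if __name__ == "__main__":
    for tld, names in find_collisions(SAMPLE_LOG).items():
        for name, clients in names.items():
            print(f".{tld}: {name} asked by {sorted(clients)}")
```

This only covers queries that pass through a resolver whose logs the administrator can read; the laptop-at-home case in step 3 never reaches it.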