[dns-operations] Fwd: Re: [Security] Glue or not glue?
Dave Warren
davew at hireahit.com
Wed Jun 10 03:35:13 UTC 2015
On 2015-06-09 18:09, Mark Andrews wrote:
> If you want this to change behavior sue the registry and registrar
> for not doing "due dilegence" before adding the NS record because
> they are not going to pay attention any other way it seems. Contracts
> can't save them as you, as a nameserver operator, are not party to
> the the contract between the registry / registrar or registrar /
> registrant.
>
> One or two successful suites will change this behaviour.
To me, the main problem isn't verifying the nameservers before
delegation, but rather, the fact that an authoritative server cannot
reliably get themselves removed once delegation is established. At most,
an authoritative server operator can return bad data to attempt to
disrupt the zone owner's rightful use, but in the case of a high traffic
DNSBL which has been abandoned, there's little an authoritative server
operator can do about the flood of traffic.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
More information about the dns-operations
mailing list