[dns-operations] Fwd: Re: [Security] Glue or not glue?

Matthew Pounsett matt at conundrum.com
Wed Jun 10 19:20:15 UTC 2015


> On Jun 9, 2015, at 23:35 , Dave Warren <davew at hireahit.com> wrote:
> To me, the main problem isn't verifying the nameservers before delegation, but rather, the fact that an authoritative server cannot reliably get themselves removed once delegation is established. At most, an authoritative server operator can return bad data to attempt to disrupt the zone owner's rightful use, but in the case of a high traffic DNSBL which has been abandoned, there's little an authoritative server operator can do about the flood of traffic.

In the (very rare) case of my name servers receiving unwanted traffic in this way, I’ve treated it as an abuse issue.  Report to abuse@ the organization that’s doing the delegation that they’re generating undated traffic.  So far that’s worked, but I haven’t yet had to email a gTLD registry.  



More information about the dns-operations mailing list