[dns-operations] Fwd: Re: [Security] Glue or not glue?
Mark E. Jeftovic
markjr at easydns.com
Wed Jun 10 20:02:30 UTC 2015
Matthew Pounsett wrote:
>> On Jun 9, 2015, at 23:35 , Dave Warren <davew at hireahit.com> wrote:
>> To me, the main problem isn't verifying the nameservers before delegation, but rather, the fact that an authoritative server cannot reliably get themselves removed once delegation is established. At most, an authoritative server operator can return bad data to attempt to disrupt the zone owner's rightful use, but in the case of a high traffic DNSBL which has been abandoned, there's little an authoritative server operator can do about the flood of traffic.
>
> In the (very rare) case of my name servers receiving unwanted traffic in this way, I’ve treated it as an abuse issue. Report to abuse@ the organization that’s doing the delegation that they’re generating undated traffic. So far that’s worked, but I haven’t yet had to email a gTLD registry.
> _______________________________________________
It's not that rare. It's happened to us (more than once) and it happened
to DNSimple not too long ago. In those cases we've had problems getting
the registrar to yank the delegation. In cases like that the registry
often won't even talk to us.
It should be a no brainer to have a registrar or registry do this, but
it isn't.
- mark
--
Mark E. Jeftovic <markjr at easydns.com>
Founder & CEO, easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225
Read my blog: http://markable.com
More information about the dns-operations
mailing list