[dns-operations] Fwd: Re: [Security] Glue or not glue?

Mark Andrews marka at isc.org
Wed Jun 10 22:54:56 UTC 2015


In message <557897D6.4010005 at easydns.com>, "Mark E. Jeftovic" writes:
>
>
> Matthew Pounsett wrote:
> >> On Jun 9, 2015, at 23:35 , Dave Warren <davew at hireahit.com> wrote:
> >> To me, the main problem isn't verifying the nameservers before
> delegation, but rather, the fact that an authoritative server cannot
> reliably get themselves removed once delegation is established. At most,
> an authoritative server operator can return bad data to attempt to
> disrupt the zone owner's rightful use, but in the case of a high traffic
> DNSBL which has been abandoned, there's little an authoritative server
> operator can do about the flood of traffic.
> >
> > In the (very rare) case of my name servers receiving unwanted traffic
> in this way, I've treated it as an abuse issue.  Report to abuse@ the
> organization that's doing the delegation that they're generating undated
> traffic.  So far that's worked, but I haven't yet had to email a gTLD
> registry.
> > _______________________________________________
>
> It's not that rare. It's happened to us (more than once) and it happened
> to DNSimple not too long ago. In those cases we've had problems getting
> the registrar to yank the delegation. In cases like that the registry
> often won't even talk to us.
>
> It should be a no brainer to have a registrar or registry do this, but
> it isn't.

Then pull them into court to get them to actual do what they are
required to do as per RFC 1034.  This should be a simple thing for
even a magistrate to rule on as you are asking the registry to
follow the consenus driven rules that were agreeded on before they
became a registry operator.

Just document that you have tried less drastic steps first.

> - mark
>
> --
> Mark E. Jeftovic <markjr at easydns.com>
> Founder & CEO, easyDNS Technologies Inc.
> +1-(416)-535-8672 ext 225
> Read my blog: http://markable.com
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the dns-operations mailing list