[dns-operations] policy to prevent glue for "bogus" IP addresses

Brett Frankenberger rbf+dns-operations at panix.com
Sat Sep 12 00:06:06 UTC 2015


On Fri, Sep 11, 2015 at 10:54:53AM -0700, Paul Vixie wrote:
> 
> hostname objects aren't the problem. "DEV" for example is not a
> registered hostname in ICANN. i know from experience that there are
> already great controls in place for hostnames referenced by TLD NS
> records. what i'm asking for here is controls for delegations of
> registered names.
> 
> note that we already know we can't demand accurate whois, accountability
> of registrants, or timely removal of names used in network abuse or
> criminal activities. ICANN is structurally powerless toward those
> factors. that's why DNS RPZ exists (see https://dnsrpz.info/) -- we're
> placing defenses at the near end which would be far more effective and
> economical at the far end. i do NOT want to have to take the same
> approach with NS->(AAAA|A) chains that point into
> unadvertised/unreachable/local address space.

In your view, is the prohibition via ICANN requirements on registries or
registrars, of, for example,
  XYZ.COM NS ...-> 127.0.53.53
worth the effort it would take, given that it would not prevent
  ABC.XYZ.COM NS ...-> 127.0.53.53

     -- Brett
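
Added example, not part of Brett's message or of the thread: a Python sketch of the scope difference the question raises, comparing an address check applied only to delegations a TLD registry holds with the same check applied at the resolver. Apart from the thread's own XYZ.COM, ABC.XYZ.COM and 127.0.53.53, the names and addresses are constructed; the one-label-below-the-TLD registry model is an assumption, and unadvertised space is not covered because it needs routing data.

```python
import ipaddress

# Constructed sample data: xyz.com / abc.xyz.com and 127.0.53.53 are the
# thread's own examples; good.com and the other addresses are made up here.
DELEGATIONS = [  # (delegated name, nameserver host)
    ("xyz.com.", "ns1.xyz.com."),
    ("abc.xyz.com.", "ns1.abc.xyz.com."),
    ("good.com.", "ns1.good.com."),
]
ADDRESSES = {  # nameserver host -> A/AAAA values
    "ns1.xyz.com.": ["127.0.53.53"],
    "ns1.abc.xyz.com.": ["127.0.53.53", "fe80::53"],
    "ns1.good.com.": ["198.41.0.4"],  # a globally routable address
}

def bogus_reason(text):
    """Return why an address is unusable as a public nameserver, or None."""
    addr = ipaddress.ip_address(text)
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.is_private:
        return "private/special-purpose"
    if not addr.is_global:
        return "not globally routable"
    return None

def registry_sees(owner, tld="com."):
    """Assumption: the TLD registry holds only names one label below the TLD."""
    labels = owner.rstrip(".").split(".")
    return len(labels) == 2 and owner.lower().endswith("." + tld)

def audit(registry_only):
    """List (owner, nameserver, address, reason) for every bogus NS address."""
    findings = []
    for owner, ns in DELEGATIONS:
        if registry_only and not registry_sees(owner):
            continue  # delegation lives in the registrant's own zone
        for text in ADDRESSES.get(ns, []):
            reason = bogus_reason(text)
            if reason:
                findings.append((owner, ns, text, reason))
    return findings

if __name__ == "__main__":
    for label, flag in (("registry-side", True), ("resolver-side", False)):
        print(label)
        for row in audit(flag):
            print("  ", *row)
```
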



