[dns-operations] Typo in fox.com and an Akamai squatter
phoffman at proper.com
Mon Feb 1 17:45:46 UTC 2016
On 1 Feb 2016, at 8:08, Edward Lewis wrote:
> If the problem lay in the registration data, i.e., the owner of
> made a typo at their registrar and it resulted in the incorrect name
> published in the DNS, there is little the DNS hoster can do. If the
> owner leaves a hanging name for someone else to squat on, there's
> no automated way to prevent badness.
Sure there is. A hoster can scan the NS records for all their clients
and note when one of those records isn't pointing to the hoster's name
servers. This would be a service that I bet some customers (such as
Fox?) would very much like.
> A DNS hoster could detect changes and ask if they made sense (that
> be asking a lot) but in the case I was privy too, the changes weren't
> in the hoster, they were made in a location far removed - the
That should not prevent the hoster from not only alerting their
customer, but suggesting that the customer use a better registrar (for
some probably-slated definition of "better", like "registrars with whom
we have a business relationship").
> I don't know if Akamai is a registrar, if they are, if they are a
> registrar for fox.com. (WhoIs says fox.com is registered via
> MarkMonitor.) I am assuming they are not. Again, in the instance I
> we were not a registrar even though we were a registry for a few TLDs.
In the current case, Akamai could make an arrangement with some
registrars (certainly with one the size and reputation of MarkMonitor)
to have a high-urgency communication channel when there is something
wrong happening with their mutual customers.
> Only the domain name owner is in position to check this.
This entire list was able to check this. :-)
> DNSSEC or not,
> the problem exists, with DNSSEC though DANE and other ways to check
> security credentials can help. (Because the owner would have to make
> mistakes to be vulnerable, the typo plus messing up the other method,
> whatever it is.)
Note that the registrar is also able to check this. Pseudocode:
for each customer:
Collect all NS records
for each NS record in set:
Check for name that is not run by the same admin as the rest
if state == fishy:
Check if we have talked to the customer about this before
if first_time or not dont_bug_us_about_fishiness:
More information about the dns-operations