Re: [ga] Most Popular Invalid????? TLDs Should Be Reserved

[Hugh Dierker <hdierker2204@xxxxxxxxx>]

I have been quite interested in the use of this new 
scientific/legal/engineering term;
 
"Invalid TLDs"     If I read this right (and I don't think I agree) Then POTUS 
Obama is definitely an "invalid, illegitimate bastard". Not that, that would 
bother me as I am a chosen child myself, being adopted.  We have a birthright 
-- it is called Freedom.  But so do "invalids".
 
Karl's "tainted" addresses are likewise wearing a scarlet letter on their 
chest. I think Mother Theresa, Drs. Pasteur and Jesus would be attracted to 
such outcasts and lepers.

--- On Fri, 6/19/09, Karl Auerbach <karl@xxxxxxxxxxxx> wrote:


From: Karl Auerbach <karl@xxxxxxxxxxxx>
Subject: Re: [ga] Most Popular Invalid TLDs Should Be Reserved
To: "George Kirikos" <gkirikos@xxxxxxxxx>
Cc: "GNSO GA Mailing List" <ga@xxxxxxxxxxxxxx>, dave.piscitello@xxxxxxxxx
Date: Friday, June 19, 2009, 1:02 PM



George Kirikos wrote:

> I recommend that the Security and Stability Advisory Committee compile 
> statistics on
> invalid TLD queries across all root servers, and from popular ISP-run DNS 
> servers, in
> order to create a Reserve List. The list of at least the top 1000 invalid 
> TLDs should
> be made public to ensure transparency, and be pruned only with the consensus 
> support of
> the community.

Which creates a kind of denial of service attack:  If I want to block my 
competitor or enemy from getting a TLD I'd generate a lot of pages and videos 
containing highly attractive links to URL's with names in that TLD, or I'd hire 
a botnet to generate queries for that TLD.

By-the-way, there's a not quite related issue:  IP addresses are often diseased 
from prior use.  For example some people I know get a constant (and very 
annoying) rain of packets from old Microsoft machines looking to contact some 
MS servers that used to sit at an address that has now moved into other hand.  
I recently had to change providers for one of my outlying sites because some 
jerk started generating about 500 SIP Invites per second looking for an 
Asterisk server that used to be at that address.  (I had to change providers 
because no provider along the path would install a filter, so I abandoned the 
address to the next sucker^B^B^B^B^B^Bperson.  Last time I checked ARIN 
couldn't care less if they hand out an block that is diseased.

The net is at risk of dead spots in address space and DNS caused by this kind 
of thing as well as by filters and blacklists that once-established are never 
removed.

    --karl--