ICANN/GNSO GNSO Email List Archives

[registrars]


<<< Chronological Index >>>    <<< Thread Index >>>

[registrars] Fast Flux DNS.

  • To: Registrars Constituency <registrars@xxxxxxxxxxxxxx>
  • Subject: [registrars] Fast Flux DNS.
  • From: "Robert F. Connelly" <BobC@xxxxxxxxxxxxxxx>
  • Date: Sat, 08 Mar 2008 23:03:35 -0800
  • In-reply-to: <22555260.1204997925802.JavaMail.root@m08>
  • List-id: registrars@xxxxxxxxxxxxxx
  • References: <47D28956.3060600@abenaki.wabanaki.net> <22555260.1204997925802.JavaMail.root@m08>
  • Sender: owner-registrars@xxxxxxxxxxxxxx

At 06:34 PM 3/8/2008 Saturday  +0100, Eric Brunner-Williams wrote:
> Fast flux hosting is a serious and mounting problem that affects name services in all GTLDs. SSAC encourages ICANN, registries and registrars to consider the practices mentioned in this Advisory, to establish best practices to mitigate fast flux hosting, and to consider incorporating such practices in future accreditation agreements.

Dear Experts on Fast Flux:

I've been trying to get a handle on this issue and how it relates to ICANN Accredited Registrars. I may just be rambling as I try to understand the problem. If it's just dumb, let me know. My best medicine for ignorance is to expose it and become better informed.

I *had been* thinking that the Fast Flux perpetrators were changing the nameservers on individual domains (for example, domain strings resembling the domains of legitimate web sites for banks, etc.). To do so, the "fluxers" would need to access the domains and change the nameservers using established interfaces provided by their registrars or resellers. Were that the case, cooperating registrars could readily derail their efforts.

But from what I've been reading, it would appear that the nameservers themselves are not being changed. For example, here is a phishing domain and its nameservers:

Domain:  examplesoundlikebank.com

Nameservers:  ns1.normalandflux.tld and  ns2.normalandflux.tld

(As a matter of fact, they could probably do just as much damage with one nameserver as with two).

If I am on track, such would distance the problem from the ICANN Accredited Registrar. An ISP or other service even more remote than an ISP could change the A records quickly to point to other IP addresses.

If I'm not completely lost at this point, it occurs to me that the offending nameservers could *also*  be based upon ccTLD domains, as follows:

 ns1.normalandflux.cctld and  ns2.normalandflux.cctld

It seems to me that ICANN Accredited Registrars would be helpless to assist in impeding  the use of Fast Flux ccTLD nameservers.

All that I could see that one of "our registrars" could do would be to put the offending gTLD domain on hold, e.g. examplesoundlikebank.com.

I await comments by our astute members.

Regards, BobC
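
Added example, not part of the original message: a sketch that separates the two cases the message contrasts, a change of a domain's nameservers versus rapid changes to its A records behind unchanged nameservers. The observations, the thresholds and the names `ordinary-site.example` and `moved-site.example` are constructed for illustration; the phishing domain and nameserver names are the message's own placeholders.

```python
from collections import defaultdict

# Constructed observations (not real data): (minute, domain, NS set, A set, TTL seconds).
# Addresses come from the RFC 5737 documentation ranges.
NS = frozenset({"ns1.normalandflux.tld", "ns2.normalandflux.tld"})
OBSERVATIONS = [
    (0,  "examplesoundlikebank.com", NS, {"192.0.2.10", "198.51.100.7"}, 180),
    (5,  "examplesoundlikebank.com", NS, {"203.0.113.44", "192.0.2.91"}, 180),
    (10, "examplesoundlikebank.com", NS, {"198.51.100.23", "203.0.113.5"}, 180),
    (0,  "ordinary-site.example", frozenset({"ns1.host.example"}), {"192.0.2.200"}, 86400),
    (10, "ordinary-site.example", frozenset({"ns1.host.example"}), {"192.0.2.200"}, 86400),
    (0,  "moved-site.example", frozenset({"ns1.old.example"}), {"192.0.2.50"}, 3600),
    (10, "moved-site.example", frozenset({"ns1.new.example"}), {"192.0.2.50"}, 3600),
]

# Assumed thresholds for illustration; tune against real traffic.
MAX_FLUX_TTL = 300     # seconds; a short TTL forces resolvers to re-query often
MIN_DISTINCT_A = 4     # distinct addresses seen across the observation window

def classify(observations):
    """Return, per domain, whether the NS set or only the A records changed."""
    by_domain = defaultdict(list)
    for obs in sorted(observations, key=lambda o: (o[1], o[0])):
        by_domain[obs[1]].append(obs)
    report = {}
    for domain, rows in by_domain.items():
        ns_sets = {frozenset(r[2]) for r in rows}
        all_a = set().union(*(r[3] for r in rows))
        a_changes = sum(1 for prev, cur in zip(rows, rows[1:]) if prev[3] != cur[3])
        low_ttl = min(r[4] for r in rows) <= MAX_FLUX_TTL
        if len(ns_sets) > 1:
            verdict = "delegation changed"  # the NS set itself was edited
        elif a_changes and low_ttl and len(all_a) >= MIN_DISTINCT_A:
            verdict = "A-record flux, delegation stable"  # same NS, rotating addresses
        else:
            verdict = "stable"
        report[domain] = {"ns_sets": len(ns_sets), "distinct_a": len(all_a),
                          "a_changes": a_changes, "verdict": verdict}
    return report

if __name__ == "__main__":
    for domain, row in classify(OBSERVATIONS).items():
        print(domain, row)
```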









