[registrars] Fast Flux DNS.
- To: Registrars Constituency <registrars@xxxxxxxxxxxxxx>
- Subject: [registrars] Fast Flux DNS.
- From: "Robert F. Connelly" <BobC@xxxxxxxxxxxxxxx>
- Date: Sat, 08 Mar 2008 23:03:35 -0800
- In-reply-to: <22555260.1204997925802.JavaMail.root@m08>
- List-id: registrars@xxxxxxxxxxxxxx
- References: <47D28956.3060600@abenaki.wabanaki.net> <22555260.1204997925802.JavaMail.root@m08>
- Sender: owner-registrars@xxxxxxxxxxxxxx
At 06:34 PM 3/8/2008 Saturday +0100, Eric Brunner-Williams wrote:
> Fast flux hosting is a serious and mounting problem that affects name services in all GTLDs. SSAC encourages ICANN, registries and registrars to consider the practices mentioned in this Advisory, to establish best practices to mitigate fast flux hosting, and to consider incorporating such practices in future accreditation agreements.
Dear Experts on Fast Flux:
I've been trying to get a handle on this issue and how it relates to ICANN Accredited Registrars. I may just be rambling as I try to understand the problem. If it's just dumb, let me know. My best medicine for ignorance is to expose it and become better informed.
I *had_been* thinking that the Fast Flux perpetrators were changing the nameservers on individual domains (for example, domain strings resembling the domains of legitimate web sites for banks, etc.).
To do so, the "fluxers" would need to access the domains and change the nameservers using established interfaces provided by their registrars or resellers. Were that the case, cooperating registrars could readily derail their efforts.
But from what I've been reading, it would appear that the nameservers themselves are not being changed. For example, here is a phishing domain and its nameservers:
Domain: examplesoundlikebank.com
Nameservers: ns1.normalandflux.tld and ns2.normalandflux.tld
(As a matter of fact, they could probably do just as much damage with one nameserver as with two).
If I am on track, such would distance the problem from the ICANN Accredited Registrar. An ISP or other service even more remote than an ISP could change the A records quickly to point to other IP addresses.
If I'm not completely lost at this point, it occurs to me that the offending nameservers could *also* be based upon ccTLD domains, as follows:
ns1.normalandflux.cctld and ns2.normalandflux.cctld
It seems to me that ICANN Accredited Registrars would be helpless to assist in impeding the use of Fast Flux ccTLD nameservers.
All that I could see that one of "our registrars" could do would be to put the offending gTLD domain on hold, e.g. examplesoundlikebank.com.
I await comments by our astute members.
Regards, BobC
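
Added example (not part of the original message or of the SSAC advisory): the message contrasts a change of nameservers, which passes through a registrar interface, with A records being repointed under an unchanged delegation. The Python below measures both layers over repeated lookups of one name; the `analyse` function, its thresholds, and every sample value (documentation-range addresses, the message's placeholder nameserver names) are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

NS = frozenset({"ns1.normalandflux.tld", "ns2.normalandflux.tld"})

# Constructed samples: (seconds since first query, A-record TTL, NS set, A set).
FLUXING = [
    (0,   180, NS, {"192.0.2.10", "198.51.100.7"}),
    (300, 180, NS, {"203.0.113.5", "198.51.100.99"}),
    (600, 180, NS, {"192.0.2.77", "203.0.113.140"}),
    (900, 180, NS, {"198.51.100.7", "192.0.2.10"}),
]
STABLE = [(t, 3600, NS, {"192.0.2.10"}) for t in (0, 300, 600, 900)]

@dataclass
class FluxReport:
    delegations: int    # distinct NS sets seen (the layer a registrar can see)
    distinct_ips: int   # distinct A-record addresses across all answers
    distinct_nets: int  # distinct /24 networks those addresses fall in
    min_ttl: int        # shortest A-record TTL observed
    a_changes: int      # consecutive answers whose A set differed
    verdict: str

def analyse(observations, max_ttl=300, min_ips=5, min_nets=3):
    """Classify a series of lookups; the thresholds are assumed, not standard."""
    if not observations:
        raise ValueError("need at least one observation")
    obs = sorted(observations, key=lambda o: o[0])
    delegations = {frozenset(ns) for _, _, ns, _ in obs}
    ips = set().union(*(a for _, _, _, a in obs))
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips}
    min_ttl = min(ttl for _, ttl, _, _ in obs)
    a_changes = sum(1 for p, c in zip(obs, obs[1:]) if set(p[3]) != set(c[3]))
    if len(delegations) > 1:
        verdict = "delegation-changed"   # NS set itself moved
    elif min_ttl <= max_ttl and len(ips) >= min_ips and len(nets) >= min_nets:
        verdict = "a-record-flux"        # NS set fixed, addresses rotating
    else:
        verdict = "stable"
    return FluxReport(len(delegations), len(ips), len(nets),
                      min_ttl, a_changes, verdict)

if __name__ == "__main__":
    for label, sample in (("fluxing", FLUXING), ("stable", STABLE)):
        print(label, analyse(sample))
```

For the constructed `FLUXING` series the delegation count stays at 1 while the address set changes on every lookup, which is the case the message describes as not visible through a registrar's nameserver-change interface.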