Home page logo
/

nanog logo nanog mailing list archives

Re: AW: Odd policy question.
From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Sat, 14 Jan 2006 03:23:10 +0000 (GMT)



On Fri, 13 Jan 2006, Jeffrey I. Schiller wrote:


Let me attempt to bring this back to the policy question.

Does someone have the *right* to put one of your IP addresses as an NS
record for their domain even if you do not agree?

Probably this is a multifaceted question :( So.. If I understand Drew's
original question he had a customer (valid paying customer) that signed up
for a new domain with $REGISTRAR12 called: "fooble.com". He put in his 2
ip addresses for the 2 servers sitting in Drew's cabinet as NS's (why
wouldn't he they were his to use then since he was paying for the service
there in Drew's world), he purchased the 10yr plan for the domain.

Later his company folded or he moved to another place with another name
effectively abandoning the names in place for some unrelated reason(s).
Drew is now allocating the 2 ips to a new customer who has setup NS's on
the same ips and is now getting 'lame delegation' action from some yokel
that walked away from his domain(s) :(

So, at the time of the domain registration the registerer had authority to
use Drew's ips, now he/she doesn't :( and isn't inn the mood to clean up
the 'mess' :(


Registrar policies imply that this is so, and has been this way for a
long time.

A number of years ago (like 8-10 or so) I had a student host a domain on
my campus that I rather they not host. When I requested the registrar
(or registrar equivalent at the time) to remove the domain, or at least
the NS record pointing at my IP address, they refused. Their position
was that if I didn't like the domain, I should block access to the IP
address. I solved the problem another way...


Probably this is a bad solution for Drew, though he MIGHT be able to ID
the zones in question:
1) run a NS for a while, log queries for a while
2) sort/uniq queries, make auth responses for the names
3) 'hijack' the domain and send it off to 'other place' via registrar
updates.

Not always is this feasible :(



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]