dnsop  

Re: [dnsop] lame delegation DOS (was ccTLD delegation analysis)

Måns Nilsson, KTHNOC
Mon, 26 Jan 2004 01:42:02 -0800



--On Thursday, January 22, 2004 21:34:32 +0000 Jim Reid <[EMAIL PROTECTED]> wrote:

> I recall a survey Patrik Faltstrom did of the .se TLD a
> couple of years ago. The registry has/had a bunch of checks before a
> delegation was made. If the zone wasn't set up right, no delegation
> was done.

This only applied for redelegation, not for new domains. Now, as the
registry has been more, if not enough, automated, the check applies to
newly registered domains whose delegation data can be auto-submitted. But
DNS data for not-yet-approved domain registrations is not checked.


> Even in that environment, entropy eventually wins. Around
> 25% of the delegations in .se were broken in one way or another.
> Though this figure included more errors than just lame delegations.

Do note "one way or another". Not all these 25% were totally lame.
Also, it has helped very much with the common case of a negligent DNS
operator at a web hotel who waits for an "ok" from the registry before
setting up DNS for a new customer switching DNS providers, thereby
blackholing them for at least the TTL.


--
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC
                       MN1334-RIPE
