At 8:57 PM +0000 11/27/07, [EMAIL PROTECTED] wrote:
as the admin of PDC.example.org ... however, it is
the Height of Arrogance to presume I can tell the rice.edu
or isi.edu people what IP addresses to use on their machines.
The issue isn't between (say) moe.rice.edu and (say) ns.isi.edu, the
issue is between example.org and (say) moe.rice.edu.
needs. Now the poor .org admin - he has to believe me when
i tell him what nameservers will be authoritative for example.org.
.org doesn't need to believe example.org's claim. How does .org
suffer if example.org mis-lists its servers? How does example.org
suffer?
and its prolly prudent for him to contact the admins of
ns.isi.edu and moe.rice.edu to collect the correct IP addresses
for those nodes... If I was the poor sod responsible for .org,
I would not really believe that the moron holding example.org
had done his homework and actually -KNEW- what the IP addresses
were for these nodes or was in a position to keep that data
current. but that would be me.
I think the missing link here is knowing what is done with the
collected IP addresses. In the following scenario there's no risk if
the addresses are incorrect.
.org won't list the ns.isi.edu address in DNS, it won't be part of
the operational fabric. But let's say someone is debugging a phishing
attack (as this stemmed from an APWG thing) and they note that
example.org is being served up by 127.0.3.12. They ask .org what IP
addresses were reported for example.org and they find that the address
being heard isn't one of the listed ones. At this point it would be
wrong to conclude that the address is rogue, but it merits questioning
to see if it's the case that example.org just didn't make an needed
update (whether aware or not) or the address is indeed rogue.
At 1:03 PM -0800 11/27/07, David Conrad wrote:
secondary services. The IP addresses in use for the secondary service
should be part of that agreement.
That too.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Think glocally. Act confused.
_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop
