It is impossible to measure the effectiveness without knowing how many collision queries are just noise (queries that will cause no noticeable damage if they started coming back with results).

Agreed. I don't see how to find that out in ways that are not hard to back out if it turns out the damage is as bad as we fear.

In the case of mitigation through wildcard-to-localhost, it is safe to assume that many organizations did in fact mitigate; we simply can't tell how many or when.

How come? I'm not denying it's possible, but I've never seen any evidence that there were collisions to mitigate. Before the approach, some TLDs tried reserving the names that showed up in DITL snapshots, and those names looked to me totally random, likely generated by something that was trying to see whether some piece of namespace was wildcarded.



(Disclaimer: I'm now on ICANN staff, but well before I was, I wrote "Guide to Name Collision Identification and Mitigation for IT Professionals" for ICANN.)

A fine document for people who already realize they need to deal with collisions, not so much for people who don't realize they exist or assume they're someone else's problem.

DNSOP mailing list
