Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
A related observation: according the ICANN webinar on this topic from a couple of weeks ago, all new gTLDs delegated on or after August 18th were supposed to deploy these kinds of controlled interruption wildcard records. The slides are here: https://www.icann.org/en/system/files/files/name-collision-framework-slides-12aug14-en.pdf It looks like the following new gTLDs were delegated on/after that date. But only .otsuka has the records: business gbiz gmail immo network otsuka pizza xn--vhquv --Shumon. On Thu, Aug 28, 2014 at 8:38 AM, Chris Thompson c...@cam.ac.uk wrote: The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at https://www.icann.org/news/announcement-2-2014-08-01-en https://www.icann.org/en/system/files/files/name- collision-framework-30jul14-en.pdf That is, it contains *.otsuka. 3600 IN A127.0.53.53 *.otsuka. 3600 IN TXT Your DNS configuration needs immediate attention see https://icann.org/namecollision; *.otsuka. 3600 IN SRV 10 10 0 your-dns-needs-immediate- attention.otsuka. *.otsuka. 3600 IN MX 10 your-dns-needs-immediate-attention.otsuka. and the corresponding RRSIGs. What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53? -- Chris Thompson University of Cambridge Information Services, Email: c...@uis.cam.ac.ukRoger Needham Building, 7 JJ Thomson Avenue, Phone: +44 1223 334715 Cambridge CB3 0RB, United Kingdom. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On Aug 28, 2014, at 7:39 AM, Shumon Huque shu...@gmail.com wrote: A related observation: according the ICANN webinar on this topic from a couple of weeks ago, all new gTLDs delegated on or after August 18th were supposed to deploy these kinds of controlled interruption wildcard records. The slides are here: https://www.icann.org/en/system/files/files/name-collision-framework-slides-12aug14-en.pdf Correct, but they only need to deploy it before they deploy any SLDs other than nic.newgtld. It looks like the following new gTLDs were delegated on/after that date. But only .otsuka has the records: Also correct. So, before any of those TLDs start doing anything other than I'm in the root zone and I have A records for nic, they have to do the 90-day controlled interruption. --Paul Hoffman ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
Hi Chris, At 05:38 28-08-2014, Chris Thompson wrote: The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at [snip] What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53? I presume that the people who invented this stuff know what they are doing. Regards, -sm ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On Thu, Aug 28, 2014 at 12:50 PM, SM s...@resistor.net wrote: Hi Chris, At 05:38 28-08-2014, Chris Thompson wrote: The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at [snip] What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53? I presume that the people who invented this stuff know what they are doing. Mwahahahahahhah hahhhahaha teehee... Thanks, I needed that. W Regards, -sm ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] DNSSEC strict mode useful?
Hello Holger, Zuleger, Holger, Vodafone DE wrote: Hmm, what about BINDs dnssec-must-be-secure . yes; ? thanks, I have been blind. That is what I'm looking for. Problem solved. -- Carsten ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
I note that these documents speak to many of the issues being exposed here (and yes, full disclosure, I wrote a small portion of the text/reviewed them): https://www.icann.org/en/system/files/files/sac-062-en.pdf https://www.icann.org/en/system/files/files/sac-066-en.pdf Draw your own conclusions. Cheers, Rod On Aug 28, 2014, at 9:50 AM, SM s...@resistor.net wrote: Hi Chris, At 05:38 28-08-2014, Chris Thompson wrote: The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at [snip] What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53? I presume that the people who invented this stuff know what they are doing. Regards, -sm ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs signature.asc Description: Message signed with OpenPGP using GPGMail ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On Thu, Aug 28, 2014 at 05:36:29PM -0400, Warren Kumari wrote: On Thu, Aug 28, 2014 at 4:12 PM, Warren Kumari war...@kumari.net wrote: On Thu, Aug 28, 2014 at 12:50 PM, SM s...@resistor.net wrote: Hi Chris, At 05:38 28-08-2014, Chris Thompson wrote: The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at [snip] What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53? I presume that the people who invented this stuff know what they are doing. Mwahahahahahhah hahhhahaha teehee... Thanks, I needed that. So, I just realized that this sounded like a jab specifically at JAS (the folk who proposed the 127.0.53.53 answer) -- this was actually instead supposed to be a jab at everyone :-) I had long discussions with the JAS folk, and have huge respect for them - they did, IMO, a good job. The really fun part (for me) is that depending on the OS you can ping 127.0.53.53. (eg: Linux, Yes, MacOS, No). Linux will also give you Connection refused for TCP connections. - Jared -- Jared Mauch | pgp key available via finger from ja...@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On Thursday, August 28, 2014, Rod Rasmussen rod.rasmus...@internetidentity.com wrote: I note that these documents speak to many of the issues being exposed here (and yes, full disclosure, I wrote a small portion of the text/reviewed them): Yah, me too... W https://www.icann.org/en/system/files/files/sac-062-en.pdf https://www.icann.org/en/system/files/files/sac-066-en.pdf Draw your own conclusions. Cheers, Rod On Aug 28, 2014, at 9:50 AM, SM s...@resistor.net javascript:; wrote: Hi Chris, At 05:38 28-08-2014, Chris Thompson wrote: The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at [snip] What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53? I presume that the people who invented this stuff know what they are doing. Regards, -sm ___ dns-operations mailing list dns-operations@lists.dns-oarc.net javascript:; https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
On 28 aug 2014, at 22:12, Warren Kumari war...@kumari.net wrote: On Thu, Aug 28, 2014 at 12:50 PM, SM s...@resistor.net wrote: Hi Chris, At 05:38 28-08-2014, Chris Thompson wrote: The gTLD otsuka, created sometime in the last 24 hours, appears to be the first to use the wildcards described at [snip] What do people think about this business? Is anyone taking specific precautions to detect attempts to connect to 127.0.53.53? I presume that the people who invented this stuff know what they are doing. Mwahahahahahhah hahhhahaha teehee... Thanks, I needed that. Thanks Warren, this made me smile... ;-) For people not aware, the discussion inside ICANN on this matter has been...hmm...complicated. What is deployed is the result of a discussion inside ICANN that you can find one core report here: https://www.icann.org/public-comments/name-collision-2014-02-26-en See for example Section 2.3 and Appendix A in SAC066: https://www.icann.org/en/system/files/files/sac-066-en.pdf Patrik Fältström SSAC Chair signature.asc Description: Message signed with OpenPGP using GPGMail ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] First new gTLD using ICANN's Name Collision Occurrence Management Framework
Hi Rod, Warren, At 14:13 28-08-2014, Rod Rasmussen wrote: I note that these documents speak to many of the issues being exposed here (and yes, full disclosure, I wrote a small portion of the text/reviewed them): Was there a response to those issues? At 14:36 28-08-2014, Warren Kumari wrote: So, I just realized that this sounded like a jab specifically at JAS (the folk who proposed the 127.0.53.53 answer) -- this was actually instead supposed to be a jab at everyone :-) That is how I read it. :-) Regards, -sm ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs