Re: [DNSOP] dns interface to whois? (Re: Taking Back the DNS )
On Sun, 21 Nov 2010, Paul Vixie wrote:

> here's something interesting.
>
> You have just received a comment for:
>
> Taking Back the DNS
> http://www.circleid.com/posts/20100728_taking_back_the_dns/#7331
>
> By Marc Perkel
> ...
> Also - I would like to see some sort of DNS lookup to determine the age of a domain and the expiration date through DNS (high speed) as opposed to whois. That way domains that are very new can be distinguished for those who are established.

This service has been available from a third party supplier for years now.
http://www.support-intelligence.com/dob/
SpamAssassin uses it, for example.

Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7, DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR ROUGH. RAIN THEN FAIR. GOOD.
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] dns interface to whois? (Re: Taking Back the DNS )
On Sun, 21 Nov 2010, Eric Brunner-Williams wrote:

> ergo, any scheme to use domain age to differentiate domains acquired for spam, malware, ... purposes, if effective, will result in the use of marginal seo assets as spam, malware, ... assets, limiting the utility of an age-aware spam, malware, ... mitigation scheme.

On the other hand, if you treat a new domain with suspicion you buy yourself time to find out if it is bad or not by gathering data from other sources.

> a closer correlation to seo assets is the registrar and name server association,

That also works well.

Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7, DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR ROUGH. RAIN THEN FAIR. GOOD.
Re: [DNSOP] dns interface to whois? (Re: Taking Back the DNS )
> Date: Mon, 22 Nov 2010 20:36:17 +
> From: bmann...@vacation.karoshi.com
>
> we tried this a couple times last decade with limited success. (pre SRV). it would work, if and only if there were general agreement by the zone admins to actually keep up w/ the data.

while i expect that it would be a gateway rather than a data transform, and while i agree that if it's a data transform then it should be done often enough to not get out of date, i note that i'm asking a different question than would it work.

i'm wondering if there's enough interest to have it be worth writing it up as a dns schema so that interested producers and consumers of this information in this form can have a standard rendezvous (qname format) and delivery system (TXT formats). that's not would it work. it's could it ever be useful to anybody.

i am not trying to get input on technical feasibility since i think that's pretty obvious. nor am i trying to get input on governance like should registries be required by icann to implement it or should icann implement it for root, arpa, and other non-delegated zones. just is there interest.
Re: [DNSOP] dns interface to whois? (Re: Taking Back the DNS )
On Mon, Nov 22, 2010 at 09:58:02PM +, Paul Vixie wrote:

> > Date: Mon, 22 Nov 2010 20:36:17 +
> > From: bmann...@vacation.karoshi.com
> >
> > we tried this a couple times last decade with limited success. (pre SRV). it would work, if and only if there were general agreement by the zone admins to actually keep up w/ the data.
>
> while i expect that it would be a gateway rather than a data transform, and while i agree that if it's a data transform then it should be done often enough to not get out of date, i note that i'm asking a different question than would it work.
>
> i'm wondering if there's enough interest to have it be worth writing it up as a dns schema so that interested producers and consumers of this information in this form can have a standard rendezvous (qname format) and delivery system (TXT formats). that's not would it work. it's could it ever be useful to anybody.

well, at least two schemas have been proposed and there was limited uptake either time. perhaps times have changed.

> i am not trying to get input on technical feasibility since i think that's pretty obvious. nor am i trying to get input on governance like should registries be required by icann to implement it or should icann implement it for root, arpa, and other non-delegated zones. just is there interest.

well, one thing that kind of makes sense is where to anchor such records... two choices - a WKA such as in-addr.arpa, ip6.int, enum.arpa et al. or place the entries at each delegation point and sweep the tree periodically to build a stale cache of data...

--bill
Re: [DNSOP] dns interface to whois? (Re: Taking Back the DNS )
> Date: Mon, 22 Nov 2010 22:52:34 +
> From: bmann...@vacation.karoshi.com
>
> well, at least two schemas have been proposed and there was limited uptake either time. perhaps times have changed.

the fact that so few people have spoken up gives me my answer -- there's not enough interest in this to make it worth doing. previous efforts did not become RFCs in any form, and it seems likely that another would also not make it.

> well, one thing that kind of makes sense is where to anchor such records... two choices - a WKA such as in-addr.arpa, ip6.int, enum.arpa et al. or place the entries at each delegation point and sweep the tree periodically to build a stale cache of data...

in the basenote of this thread i was only proposing this for registries of names. so, vix._domain._whois._registry.com for vix.com, and similarly pv15._contact._whois._registry.com for the PV15 contact in the COM registry. i'm aware of your prior work to do this for numbers but that wasn't my topic.
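The query-name scheme from the message above (vix._domain._whois._registry.com for vix.com), combined with the age-based mail policy discussed elsewhere in this thread, as an added example that is not part of any poster's message. The tag=value TXT layout, the `created`/`expires` tag names and all function names are assumptions; the thread never defines a record format, and the sample answer is constructed.

```python
from datetime import date

def whois_qname(name, registry, kind="domain"):
    """Build <label>._<kind>._whois._registry.<registry zone> as sketched in the thread.
    The caller supplies the registry zone; it cannot be guessed from the name."""
    name = name.rstrip(".").lower()
    registry = registry.strip(".").lower()
    if kind == "domain":
        suffix = "." + registry
        if not name.endswith(suffix):
            raise ValueError(f"{name!r} is not under {registry!r}")
        name = name[: -len(suffix)]
    # A registration (or a contact handle) must be exactly one DNS label.
    if not name or "." in name or len(name) > 63:
        raise ValueError(f"{name!r} is not a single label")
    return f"{name}._{kind}._whois._registry.{registry}"

def parse_tags(txt_strings):
    """Parse tag=value TXT strings (hypothetical layout); skip malformed ones."""
    tags = {}
    for s in txt_strings:
        tag, sep, value = s.partition("=")
        if sep and tag.strip():
            tags[tag.strip().lower()] = value.strip()
    return tags

def mail_action(txt_strings, today, min_age_days):
    """Local policy: 'defer' mail from domains under N days old,
    'accept' older ones, 'unknown' when the data is missing or implausible."""
    created = parse_tags(txt_strings).get("created")
    try:
        age = (today - date.fromisoformat(created)).days
    except (TypeError, ValueError):
        return "unknown"   # no usable record: rely on other signals
    if age < 0:
        return "unknown"   # creation date in the future: do not trust it
    return "accept" if age >= min_age_days else "defer"

# Constructed sample answer, not real registry data.
SAMPLE_TXT = ["created=2010-11-15", "expires=2011-11-15"]
```

Answers that are not DNSSEC-validated can be forged in transit, so a resolver-side check belongs in front of `mail_action` before the result drives a reject or accept decision.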
Re: [DNSOP] dns interface to whois? (Re: Taking Back the DNS )
yeah, i saw marc's comment too.

in the ecology of tasted domains whose seo value is tending towards the do-not-renew cost point, there exists a reservoir of aged domains.

ergo, any scheme to use domain age to differentiate domains acquired for spam, malware, ... purposes, if effective, will result in the use of marginal seo assets as spam, malware, ... assets, limiting the utility of an age-aware spam, malware, ... mitigation scheme.

a closer correlation to seo assets is the registrar and name server association, and where slower-than-real-time and cached responses are of use, the automated detection of type of value capture at the resolved resource, e.g., ppc.

there are other reasons for attempting, as policy, of avoiding delivering to the end user a resolution that has some property known in advance.

-e
Re: [DNSOP] dns interface to whois? (Re: Taking Back the DNS )
> From: John L. Crain john.cr...@icann.org
> Date: Sun, 21 Nov 2010 09:51:45 -0800
>
> Why would we do this, who gains by adding this? I don't see the benefit.

i think it's so that folks can refuse e-mail from domains under N days old where N is a local policy decision. i have no direct use for it so i'm sort of guessing here.

> Was the use case outlined?

no. i'm guessing it's a way to do http://www.support-intelligence.com/dob/ that does not require downloading TLD zone files every day and diffing them.

---

noting that the race to register domains as fast as possible and as many of them as possible has primarily benefitted spammers not their victims, the good guys have built a magnificent system whose highest and best use is against our own interests, and that kind of folly produces requests such as this one -- stuff that in a better overall system would not be asked for.

less controversially, the data is already public, the question is whether a standard dns schema as another interface into this public data would be useful to enough people. as to whether some registries might be forced to support it when they don't see a need, that's a governance question not a technology question, and it is: is more transparency better?

re:

http://www.circleid.com/posts/20100728_taking_back_the_dns/#7331
Re: [DNSOP] dns interface to whois? (Re: Taking Back the DNS )
On Sun, Nov 21, 2010 at 05:33:12PM +, Paul Vixie wrote:

> how would the registry system implement something like this?

I would argue that they shouldn't.

> i know there are a lot of related proposals in XML. that's another topic.

No, it isn't. It's one thing to say, Go look over here for IRIS. It's quite another to try to duplicate all that in the DNS itself. Why do that?

A

--
Andrew Sullivan
a...@shinkuro.com
Shinkuro, Inc.
Re: [DNSOP] dns interface to whois? (Re: Taking Back the DNS )
An interesting idea -- just thinking out loud...

On Nov 21, 2010, at 7:51 AM, John L. Crain wrote:

> > how would the registry system implement something like this? could we define another SRV-like schema like:

If we were to go this route, I'd think defining RRs for each tag would be the way to go instead of using TXT.

> Why would we do this, who gains by adding this?

If it allows us to finally kill off whois, everyone in the universe (:-)). For example, as part of the RR definition process, the encoding of the value part of the tag/value pair could be explicitly defined.

> As a registrant, registrar or registry I have access to that data.

True, if you can figure out which whois server to query, that whois server is actually up, and the data is actually fetchable from the whois server. The advantage of binding the registration information into the DNS along with the name being registered is the removal of a notoriously broken part of the name registration system and simplification of deriving from where you actually get the registration data.

> As a person (or client) resolving a name at a specific point in time I don't see how this data would be relevant.

What do people use registration data for now?

Oh, and if the data is DNSSEC-signed, you could actually verify it hadn't been altered by a MITM attack (if that actually occurs).

Regards,
-drc
Re: [DNSOP] dns interface to whois? (Re: Taking Back the DNS )
On 21 nov 2010, at 22.27, Andrew Sullivan wrote:

> My point is that if there were some reason to have this data available in a convenient machine readable format, then iris would already be deployed.

There is no reason. No one is asking strong enough to get correct data from the whois service. Instead, ICANN is asking to have the whois protocol available, and on top of that money is spent on anonymous registration (2nd hand registration) etc.

So as long as that is what people ask for, you will not see iris.

> That there's no uptake seems to me to be an indication that registries don't want additional costs.

Registries do only implement what people ask for.

Patrik