On Tue, Sep 29, 2015 at 10:59:15AM -0400, Paul Wouters wrote:
> So, my emails to this person were not delivered to the rogue MX servers
> because both he and I deployed DNSSEC.
+1
Another similar example: gimp.org expired in the second week of August
and entered the grace period. At this time,
Hi Andrew
On Tue, Sep 29, 2015 at 11:27:48AM -0400, Andrew Sullivan wrote:
> On Tue, Sep 29, 2015 at 08:41:05PM +0530, Mukund Sivaraman wrote:
> > directed DNS to their nameserver and was serving records (how is the
> > registrar permitted to control the domain except disabling it, when it
> > is
Paul Wouters writes:
> However, they did not modify the DS records after taking over the NS
> records and MX/A records.
Sadly though, they could have.
On Tue, Sep 29, 2015 at 09:02:04PM +0530, Mukund Sivaraman wrote:
> What I had asked above was: except disabling it (i.e.,
> disrupting/denying access), how is the registrar permitted to control
> the domain (redirecting to their NS to serve A records, which is
> nefarious)?
It's not nefarious.