On Thu, Mar 15, 2001 at 01:10:31PM -0800, Patrick Greenwell had this to say:
Spelling out the obvious: let's say that VBCnet started referring our customers to the wrong name server to resolve names in .COM. How many minutes would it be before the phones began ringing off the hook? I can assure you that we would fix it really fast, and take steps to make sure that we didn't screw up again.
problem arises when individuals or organizations _purposefully_ subvert nameserver resolution.
If you own your network and are free to direct packets where you would like them to go, rather it be to the DoC rootservers, the ORSC root servers, or to blackhole new.net servers, how is it possible to "subvert" nameserver resolution?
The same way people have learned to make sure that a search for "Anna Kournikova" (for instance) returns, say, 200 records that are sites/pages that have nothing whatever to do with Anna Kournikova, and a whole LOT to do with bringing in cash to the sites in question. If there is money to be made (which there is), people will ALWAYS find a way to exploit inconsistencies in the system, unless it is NOT ALLOWED. See my reply to Jim Dixon - if a query for domain.xxx returns one site in one root zone, and another site in another zone, either site is likely to sue the alternate zone operator and/or the other site for infringement, improper business practice or whatever they can manage in order to get the hits going to the other site. Sad as it may be, there will always be a contingent of folks that look to their lawyer as a tool to steal things from others. If we allow a loophole, it _will_ be exploited. Solution: do not allow inconsistencies in the root, and multiple roots will always allow for inconsistencies. -- Scott Francis scott@ [work:] v i r t u a l i s . c o m Systems Analyst darkuncle@ [home:] d a r k u n c l e . n e t PGP fingerprint 7ABF E2E9 CD54 A1A8 804D 179A 8802 0FBA CB33 CCA7 illum oportet crescere me autem minui