On Mon, 21 May 2007, Chris L. Morrow wrote:
ok, so 'today' you can't think of a reason (nor can I really easily) but it's not clear that this may remain the case tomorrow. It's possible that as a way to 'better loadshare' traffic akamai (just to make an example) could start doing this as well.
So, I think that what we (security folks) want is probably not to auto-squish domains in the TLD because of NS's moving about at some rate other than 'normal' but to be able to ask for a quick takedown of said domain, yes? I don't think we'll be able to reduce false positive rates low enough to be acceptable with an 'auto-squish' method :(
Auto-squish on a registrar level is actually starting to work, but there is a long way yet.. As to NS fastflux, I think you are right. But it may also be an issue of policy. Is there a reason today to allow any domain to change NSs constantly?
-Chris