On Fri, Jun 27, 2008 at 11:11 PM, Roger Marquis <marquis@roble.com> wrote:
On Fri, 27 Jun 2008, Christopher Morrow wrote:
I'd point out that FastFlux is actually sort of how Akamai does its job (inconsistent dns responses)
That's not really fast flux. FF uses TTLs of just a few seconds with dozens of NS. Also, in practice, most FF NS are invalid. Not that FF has a fixed definition...
;; ANSWER SECTION:
www.yahoo.com. 24 IN CNAME www.yahoo-ht3.akadns.net.
www.yahoo-ht3.akadns.net. 57 IN A 69.147.76.15

akamai, 60 second TTLs... most of the FF things I've seen sit around 300 seconds for NS and for A records. either way, this is 60 seconds which is fast enough.

http://en.wikipedia.org/wiki/Fast_flux

that goes fairly well to what I was referencing as FF and Double-Flux.
Domain tasting has solutions on the table (thanks drc for linkages) but was a side effect of some customer-satisfaction/buyers-remorse loopholes placed in the regs...
The domain tasting policy was, if I recall, intended to address buyers of one to a few domains, not thousands. Would be a simple matter to fix, in a functional organization.
sure, policy by committee I think drc made some references to that process. It's taking time :(
Yes, sorry, DHS. :-) At least they are sensitive to security matters and would, in theory, not be as easily influenced by politics as was the NSF.
I'm not sure that a us-focused law/regulatory answer serves 'the tubes' very well. Certainly DHS can help make things useful inside the US-Govt. they may also be able to help advise, but implementation is left to the operators and policy folks in ICANN + registries + registrars. -Chris
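
Added example, not part of the original thread: a Python sketch comparing the two yardsticks argued over above, short TTL alone versus short TTL combined with many NS and scattered A records. The thresholds, function names and the flux.example response are assumptions constructed for illustration; the first sample is the answer section quoted in the message.

```python
import ipaddress
import re

# "name TTL IN type rdata", as printed in a dig answer or authority section
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|NS|CNAME)\s+(\S+)$")

AKAMAI = """;; ANSWER SECTION:
www.yahoo.com. 24 IN CNAME www.yahoo-ht3.akadns.net.
www.yahoo-ht3.akadns.net. 57 IN A 69.147.76.15"""

# Constructed response: 3 A records in documentation ranges, 24 NS, TTL 5
FLUX = "\n".join(
    [f"flux.example. 5 IN A {p}.{i}" for i, p in
     enumerate(["192.0.2", "198.51.100", "203.0.113"], 1)]
    + [f"flux.example. 5 IN NS ns{i}.flux.example." for i in range(24)])

def parse_rrs(text):
    """Return (name, ttl, type, rdata) tuples; other lines are skipped."""
    matches = (RR.match(line.strip()) for line in text.splitlines())
    return [(m[1], int(m[2]), m[3], m[4]) for m in matches if m]

def flux_features(rrs):
    """Summarise TTL, A-record spread and NS count for one response."""
    a = [r for r in rrs if r[2] == "A"]
    ns = [r for r in rrs if r[2] == "NS"]
    nets = {ipaddress.ip_network(r[3] + "/24", strict=False) for r in a}
    return {"min_ttl": min((r[1] for r in a + ns), default=None),
            "a_count": len({r[3] for r in a}),
            "a_networks": len(nets),
            "ns_count": len({r[3] for r in ns})}

def ttl_only(f, max_ttl=300):
    """Short TTL alone; 300 s is the figure mentioned in the thread."""
    return f["min_ttl"] is not None and f["min_ttl"] <= max_ttl

def ttl_and_spread(f, max_ttl=300, min_ns=12, min_nets=3):
    """Short TTL plus many NS and A records spread over several /24s.
    min_ns and min_nets are assumed cut-offs, not taken from the thread.
    NS validity is not checked; that needs live resolution."""
    return (ttl_only(f, max_ttl) and f["ns_count"] >= min_ns
            and f["a_networks"] >= min_nets)

if __name__ == "__main__":
    for label, text in (("akamai sample", AKAMAI), ("constructed flux", FLUX)):
        f = flux_features(parse_rrs(text))
        print(label, f, "ttl_only:", ttl_only(f),
              "ttl_and_spread:", ttl_and_spread(f))
```

The quoted Akamai answer trips the TTL-only rule but not the combined one, while the constructed response trips both.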