On Sun, 16 Jan 2005, Joe Maimon wrote:
Thus justifying those who load their NS and corresponding NS's A records with nice long TTL
Although this wasn't a problem in this case (hijacker did not appear to have been interested in controlling dns since it points to default domain registration and under construction page), but long TTL trick could be used by hijackers - i.e. he gets some very popular domain, changes dns to the one he controls and purposely sets long TTL. Now even if registrars are able to act quickly and change registration back, those who cached new dns data would keep it for quite long in their cache. P.S. Just in case I chose not to send this info until panix.com had been restored, but we really do need to deal with how it occurred in the first place - even short term damage is bad so we need to have policies at ICANN that do no allow unauthorized transfers or else all domains can be "LOCKED" by default by registrars which effectively does the same. -- William Leibzon Elan Networks william@elan.net