The owner of each zone may choose to publish relevant data in the zone(s) they control.
" may " ... * shudder * "RFC Wish List": should, or even -SHALL-. :)
zero leverage
* shudder *
This whole thing gets much tighter when/if we can get DNSSEC deployed
:)
Yes there are interesting scoping issues. Yes there are concerns wrt evil people and tolerant applications. But this tactic clearly puts the onus on the people in control of the usage, not some centralized repository.
What I am contemplating is accountability during, say, a DDOS.
My Point:
Typical NOC response time (NRT) ~= 20 minutes. (+-)
Total Reaction Time (TRT) = Sum of NOC Response Times.
If NC = NOC Count, then:
Overly simplified, TRT = (NC * NRT)
Therefore, as NC approaches infinity, so does TRT. :(
"The greater the distance between an accountable entity, and the last traceable chain of authority on the net, typically, the greater the total reaction time for an incident."
(As NC increases, so does, -typically-, TRT)
Also, related: "The greater the total reaction time, the lower the probability of isolating and identifying a real time culprit."
Traceable chains of authority are broken by
A: Lack of Data
B: MisDirection
C: Variants of all the above.
So, it would seem, IMHO that we should attempt to keep NC minimized, and to do so we would focus on strategies for minimizing A and B (effectively C).
I support the idea of using BIND to replace/augment whois, however, I see a forthcoming Caveat: "A BIND based solution may help solve some of the B type problems, and accidental/temporary A's, while setting the stage for intentional type A's and B's"
Whois was managed by NSI, who maintained at least a reasonable level of A. As such, -most- complaints appear to be oriented around B type issues. Wait till A destabilizes, for real. As NC approaches infinity..... :(
Any way we can nail both A, -and- B ? (See: "RFC Wish List" )
YMMV.
My point exactly. ;) </thinking out loud>