On Sat, 31 Mar 2007, Paul Vixie wrote:
at the other end, authority servers which means registries and registrars ought, as you've oft said, be more responsible about ripping down domains used by bad people. whether phish, malware, whatever. what we need is some kind of public shaming mechanism, a registrar wall of sheep if you will, to put some business pressure on the companies who enable this kind of evil.
I've posted here a few times about this, but... in almost all cases of domain names used in a bad way (in malware or to further malware's intents) the domain is purchased on a stolen CC. The registrar knows this most often within days of the purchase, they don't seem to turn off the domain though. Why is that? Why do they not terminate the domain or at least terminate control of it by the 'bad actors'? It seems that if the registrars would terminate control in a timely fashion that would do what 'we' want, yes? Remove the ease of use of this tool for the bad actors...
fundamentally, this isn't a dns technical problem, and using dns technology to solve it will either not work or set a dangerous precedent. and since
If the local side of the problem (an enterprise let's say) wants to use the dns-tool in their toolbox, 'ok'. I'm not sure that at the provider level it's as simple as that since there is an aggregation of security policies there and often the policies conflict (you can look at xxx vs you can't look at xxx).