Actually, I don't like this "solution" to the problem. First of all, not only does the InterNIC have to keep track of all the contact handles but, so do we, the domain owners. Now that we have no way of listing more than 10 records in whois (Thanks NetSOL... No, really. Thanks. .!..) if you happen to lose the contact information for a domain, you're screwed. You won't know who which contact to send any modifications from. Well, so much for that argument. They have changed their policy again. The whois now lists more than 10 records again. (Thanks NetSOL... No, really. Thanks. .!..) They have taken the following away from us though: root@Overkill primary]# whois "server NS17904-HST" [rs.internic.net] No match for server "NS17904-HST". It worked a week ago, now, it doesn't. The simple fact is that NetSOL is out of control. They seem to have the notion that they OWN the database. They are stewards of the database, not the owners. Until the community as a whole expresses their outrage of NSIs heavy-handed actions towards the community, they are going to continue down this path. BTW: Where did ds.internic.net go? How about ftp.internic.net? I'll tell you... [root@Overkill primary]# host ftp.internic.net ftp.internic.net is a nickname for ftp.ds.internic.net ftp.ds.internic.net is a nickname for shutdown.ds.internic.net shutdown.ds.internic.net has address 198.49.45.29 [root@Overkill primary]# traceroute ftp.internic.net traceroute: Warning: Multiple interfaces found; using 209.41.244.2 @ eth0 traceroute to shutdown.ds.internic.net (198.49.45.29), 30 hops max, 40 byte packets 1 Border-Core0-Fast-eth1.Columbus.EnterZone.Net (209.41.244.1) 4.276 ms 66.212 ms 1.805 ms 2 core1-eth0-ENTERZONE.Columbus.fnsi.net (209.115.127.21) 29.598 ms 12.102 ms 0.998 ms 3 core1-eth0-ENTERZONE.Columbus.fnsi.net (209.115.127.21) 0.995 ms !H * 1.188 ms !H It's time to drop a clue-bomb on VA. At 02:10 PM 3/23/99 -0800, you wrote:
Simple. Set up one of your domains to map admin.*@example.com to admin.contact@enterzone.net, billing.*@example.com to billing-contact, etc. and just send the e-mail to register foobar.com FROM the fictitious admin contact of, say, admin.foobar.com@example.com.
If InterNIC wants to be anal-retentive, let their Contacts database get full, too.
And sure you can say "that's abuse, and you shouldn't condone it", but if you think that the speculators aren't going to turn to this very same procedure, you need to lay off the crack pipe.
------------------------------------------------------------------ ML.ORG is gone. Check out http://www.EZ-IP.Net - It's *FREE* ------------------------------------------------------------------ Get your *FREE* Parked Domain account at http://www.EZ-Hosting.Com ------------------------------------------------------------------ John Fraizer | __ _ | The System Administrator | / / (_)__ __ ____ __ | The choice mailto:John.Fraizer@EnterZone.Net | / /__/ / _ \/ // /\ \/ / | of a GNU http://www.EnterZone.Net/ | /____/_/_//_/\_,_/ /_/\_\ | Generation PGP Key fingerprint = 7DB6 1CA2 DAA6 43DA 3AAF 44CD 258C 3D7E B425 81A8
CC'd to Chuck Gomes, since I don't recall whether he reads this list or not. On Tue, Mar 23, 1999 at 05:43:46PM -0500, John Fraizer wrote:
To: Derek Balling <dredd@megacity.org>, nanog@merit.edu From: John Fraizer <John.Fraizer@EnterZone.Net> Subject: Re: more Internic nightmare
Actually, I don't like this "solution" to the problem.
First of all, not only does the InterNIC have to keep track of all the contact handles but, so do we, the domain owners. Now that we have no way of listing more than 10 records in whois (Thanks NetSOL... No, really. Thanks. .!..) if you happen to lose the contact information for a domain, you're screwed. You won't know who which contact to send any modifications from.
Well, so much for that argument. They have changed their policy again. The whois now lists more than 10 records again. (Thanks NetSOL... No, really. Thanks. .!..)
The simple fact is that NetSOL is out of control. They seem to have the notion that they OWN the database.
They always have had that notion. Remember when they asserted that .COM domains were their assets?
They are stewards of the database, not the owners. Until the community as a whole expresses their outrage of NSIs heavy-handed actions towards the community, they are going to continue down this path.
I'm ready to. To add fuel to the fire, I continue to get snail mail for the Forum for Responsible and Ethical E-mail, from companies OTHER than NetSol. Now, I am well aware that, for example, many mailing lists got the address of a company I own from corporate filings and the information on my vendor's license. However, FREE is not yet incorporated, and the only record of any mailing address is on the domain record for spamfree.org. I wonder what Chuck has to say about that? -- Steve Sobol sjsobol@nacs.net (AKA support@nacs.net and abuse@nacs.net) "The world is headed for mutiny/When all we want is unity" --Creed, "One"
hypotheses: o the whois and zone data are needed for administrative and operational purposes o slime are abusing those data for spamming etc., which denizens of this list seem to hate almost as much as they hate nsi o slime are watching zone/whois changes to send immediate spam to new registrants 'use our wonderful services' o slime are doing massive domain squatting hoping to then extort high prices from more legitimate applicants o ... if the above were true, and i believe that they are, what would the oh so brilliant and deeply experienced in large scale production systems readers of this list do to responsibly yet strongly inhibit such slimeful activity? think about it seriously. i suspect there are no easy answers. randy
Randy Bush wrote:
if the above were true, and i believe that they are, what would the oh so brilliant and deeply experienced in large scale production systems readers of this list do to responsibly yet strongly inhibit such slimeful activity
Sarcasm aside, to answer your 4th point, why not require payment (i.e. a cleared check, or credit card) before registering? No grace period. And so what if domain squatters want to squat? A) They paid the price, and B) Netsol's current registration process for their $114.95 deal encourages this (i.e. to quote their new web site: These Web Addresses are also available! Register your name in all 3 extensions (.com, .net, .org) to create a stronger online identity and keep your competitors from using it. Just click the box next to each web address you want to Reserve or Register (definitions below). Points 1-3 have already been discussed before (the solution is instituting a whois engine that allows the registrant to restrict who can/can't read their contact data). Feel free to ask me about this if you skipped the engine discussion. /rlj
On Tue, 23 Mar 1999, Randy Bush wrote:
if the above were true, and i believe that they are, what would the oh so brilliant and deeply experienced in large scale production systems readers of this list do to responsibly yet strongly inhibit such slimeful activity?
think about it seriously. i suspect there are no easy answers.
Randy we've been there - done that - the only answer is PREPAY. That cleans the slate - if you want to speculate it'll cost you... The abuse all stems from it being *FREE* to abuse the system - if it costs something - even though you could still do it - it will correct itself - cuz it will have a financial PENALTY to do so. -- I am nothing if not net-Q! - ras@poppa.thick.net
Randy we've been there - done that - the only answer is PREPAY.
that's one approach to the cybersquatter issue. like all solutions, it has it's good and bad points. but i meets my needs, so what the heck. but this does not address the miner/spammer issues. randy
At 04:03 PM 3/23/99 -0800, Randy Bush wrote:
Randy we've been there - done that - the only answer is PREPAY.
that's one approach to the cybersquatter issue. like all solutions, it has it's good and bad points. but i meets my needs, so what the heck.
but this does not address the miner/spammer issues.
Actually it would if you also restrict whois to tech contacts. It would only take a slight modification for the whois client to read and send the uuid of the account doing the requesting. The whois server could then reply or deny, based on that information. The fact that one then has to have a domain in order to use the whois database, plus the pre-pay requirement, should slow them down a bit. Yes, this can be circumvented, but it would cost a lot more than the $70 for a domain registration. In addition, the whois server would know exactly who is mining the data and would be able to track them, even if they spread it out over months. ___________________________________________________ Roeland M.J. Meyer - e-mail: mailto:rmeyer@mhsc.com Internet phone: hawk.lvrmr.mhsc.com Personal web pages: http://staff.mhsc.com/~rmeyer Company web-site: http://www.mhsc.com ___________________________________________________ KISS ... gotta love it!
Yes, this can be circumvented, but it would cost a lot more than the $70 for a domain registration. In addition, the whois server would know exactly who is mining the data and would be able to track them, even if they spread it out over months.
i suspect they know who the slime are already. the patterns must be rather clear. the problem is legally enforcable prevention or punisment which does not also impact legitimate use. e.g. folk railed against the current license-only access to zone files. but, imiho, it is better than the old-boys policy which preceeded it, which was better than the previous wide open policy. what is a good solution? randy
Randy Bush wrote:
i suspect they know who the slime are already. the patterns must be rather clear. the problem is legally enforcable prevention or punisment which does not also impact legitimate use.
e.g. folk railed against the current license-only access to zone files. but, imiho, it is better than the old-boys policy which preceeded it, which was better than the previous wide open policy. what is a good solution?
I would suggest forcing people to register to use the whois database. Make it open to anybody, with free registration, but require registration. Then restrict users to, say, 250 queries per day, which would radically slow the pace of mining, allow most people more queries than they would ever use in a 24-hour period, and would make it hard to resell the service. Now, you'd probably need some kind of exception program whereby with proper authorization, or something, certain users would have the 250 query limit eliminated, but at least you'd know who they were, and if they abused it, cut them off. -- Nick Bastin - RBB Systems, Inc. The idea that Bill Gates has appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place. - Douglas Adams
At 20:19 3/23/99 -0500, Nick Bastin wrote:
I would suggest forcing people to register to use the whois database. Make it open to anybody, with free registration, but require registration. Then restrict users to, say, 250 queries per day, which would radically slow the pace of mining, allow most people more queries than they would ever use in a 24-hour period, and would make it hard to resell the service. Now, you'd probably need some kind of exception program whereby with proper authorization, or something, certain users would have the 250 query limit eliminated, but at least you'd know who they were, and if they abused it, cut them off.
That's a pretty good idea. It works for hundreds of other sites, why not for WhoIs? Require a password (to help avoid account theft), but keep it free. "Small minds can only contemplate small ideas".....Unknown Dean Robb Owner, PC-EASY (757) 495-EASY [3279] On-site computer repair, upgrades and consultations Read my game reviews/columns in SimOps on WWW.TheGamers.Net
On Tue, 23 Mar 1999, Roeland M.J. Meyer wrote:
Yes, this can be circumvented, but it would cost a lot more than the $70 for a domain registration. In addition, the whois server would know exactly who is mining the data and would be able to track them, even if they spread it out over months.
Unless you're planning on enforcing passwords for contacts then I don't think it'd take all that much to SIMULATE a client, choosing random people from the whois database, and blaming other people for your whois queries. An even more intelligent system would use the tech contact for the LAST result as the requestor for the current one so that there would be no visible pattern. The source code for the client is going to be out there, so people will figure out how it works, reverse engineer a version that uses a forged, but existing, tech contact, and go on with their day. D ====================================================================== Derek J. Balling | "Bill Gates is a monocle and a white dredd@megacity.org | fluffy cat from being a villain in the http://www.megacity.org/ | next Bond film." - Dennis Miller ======================================================================
On Tue, Mar 23, 1999 at 04:59:45PM -0800, Derek Balling wrote:
Unless you're planning on enforcing passwords for contacts
I'm sorry, is this necessarily a bad thing? (I don't think so.) -- Steve Sobol sjsobol@nacs.net (AKA support@nacs.net and abuse@nacs.net) "The world is headed for mutiny/When all we want is unity" --Creed, "One"
On Tue, 23 Mar 1999, Steven J. Sobol wrote:
Unless you're planning on enforcing passwords for contacts I'm sorry, is this necessarily a bad thing? (I don't think so.)
No, its not necessarily a bad thing. :) I'd certainly agree its a good idea, but I was just pointing out that it would be a requirement for the system he was proposing. D ====================================================================== Derek J. Balling | "Bill Gates is a monocle and a white dredd@megacity.org | fluffy cat from being a villain in the http://www.megacity.org/ | next Bond film." - Dennis Miller ======================================================================
On Tue, Mar 23, 1999 at 04:59:45PM -0800, Derek Balling wrote:
Unless you're planning on enforcing passwords for contacts then I don't think it'd take all that much to SIMULATE a client, choosing random people from the whois database, and blaming other people for your whois queries. An even more intelligent system would use the tech contact for the LAST result as the requestor for the current one so that there would be no visible pattern.
The source code for the client is going to be out there, so people will figure out how it works, reverse engineer a version that uses a forged, but existing, tech contact, and go on with their day.
Can we say "PGP"? C'mon, folks; the engineering solutions to these problems are _trivial_. What is _not_ trivial is working the political process to bring pressure to bear on Netsol to make them _possible_. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Buy copies of The New Hackers Dictionary. The Suncoast Freenet Give them to all your friends. Tampa Bay, Florida http://www.ccil.org/jargon/ +1 813 790 7592
At 08:46 PM 3/23/99 -0500, Jay R. Ashworth wrote:
The source code for the client is going to be out there, so people will figure out how it works, reverse engineer a version that uses a forged, but existing, tech contact, and go on with their day.
Can we say "PGP"? C'mon, folks; the engineering solutions to these problems are _trivial_. What is _not_ trivial is working the political process to bring pressure to bear on Netsol to make them _possible_.
Come on Jay.... NSI has shown their complete and total lack of clue when it comes to PGP. The PGP portion of Guardian is STILL broken. I have finally stopped caring about it now that it has been so long. ------------------------------------------------------------------ ML.ORG is gone. Check out http://www.EZ-IP.Net - It's *FREE* ------------------------------------------------------------------ Get your *FREE* Parked Domain account at http://www.EZ-Hosting.Com ------------------------------------------------------------------ John Fraizer | __ _ | The System Administrator | / / (_)__ __ ____ __ | The choice mailto:John.Fraizer@EnterZone.Net | / /__/ / _ \/ // /\ \/ / | of a GNU http://www.EnterZone.Net/ | /____/_/_//_/\_,_/ /_/\_\ | Generation PGP Key fingerprint = 7DB6 1CA2 DAA6 43DA 3AAF 44CD 258C 3D7E B425 81A8
On Wed, Mar 24, 1999 at 11:45:51AM -0500, John Fraizer wrote:
At 08:46 PM 3/23/99 -0500, Jay R. Ashworth wrote:
Can we say "PGP"? C'mon, folks; the engineering solutions to these problems are _trivial_. What is _not_ trivial is working the political process to bring pressure to bear on Netsol to make them _possible_.
Come on Jay.... NSI has shown their complete and total lack of clue when it comes to PGP. The PGP portion of Guardian is STILL broken. I have finally stopped caring about it now that it has been so long.
I'm sorry, John; did I give you the mistaken impression that I though NSI should be involved at all? :-) Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Buy copies of The New Hackers Dictionary. The Suncoast Freenet Give them to all your friends. Tampa Bay, Florida http://www.ccil.org/jargon/ +1 813 790 7592
"Roeland M.J. Meyer" <rmeyer@mhsc.com> wrote:
At 04:03 PM 3/23/99 -0800, Randy Bush wrote:
Randy we've been there - done that - the only answer is PREPAY.
that's one approach to the cybersquatter issue. like all solutions, it has it's good and bad points. but i meets my needs, so what the heck.
but this does not address the miner/spammer issues.
Actually it would if you also restrict whois to tech contacts. It would only take a slight modification for the whois client to read and send the uuid of the account doing the requesting. The whois server could then reply or deny, based on that information. The fact that one then has to have a domain in order to use the whois database, plus the pre-pay requirement, should slow them down a bit.
This would only work using a local whois client. Web and telnet-based whois would break due to their anonymity. OTOH, a limited response might be implemented for those. Or not.... It still sounds like a lot of work for the implementors who seem to have their hands full already. -ls-
Yes, this can be circumvented, but it would cost a lot more than the $70 for a domain registration. In addition, the whois server would know exactly who is mining the data and would be able to track them, even if they spread it out over months. ___________________________________________________ Roeland M.J. Meyer - e-mail: mailto:rmeyer@mhsc.com Internet phone: hawk.lvrmr.mhsc.com Personal web pages: http://staff.mhsc.com/~rmeyer Company web-site: http://www.mhsc.com ___________________________________________________ KISS ... gotta love it!
hypotheses: o the whois and zone data are needed for administrative and operational purposes o slime are abusing those data for spamming etc., which denizens of this list seem to hate almost as much as they hate nsi o slime are watching zone/whois changes to send immediate spam to new registrants 'use our wonderful services' o slime are doing massive domain squatting hoping to then extort high prices from more legitimate applicants o ...
if the above were true, and i believe that they are, what would the oh so brilliant and deeply experienced in large scale production systems readers of this list do to responsibly yet strongly inhibit such slimeful activity?
think about it seriously. i suspect there are no easy answers.
The first problem doesn't have a real solution (unless you consider a law that restricts freedom as a solution). The second problem can be fixed by requiring payment at or before domain registration. Ideally, there would be an automated method of doing this for high activity customers (WWW hosters & ISPs). -DG David Greenman Co-founder/Principal Architect, The FreeBSD Project
At 15:25 3/23/99 -0800, you wrote:
hypotheses: o the whois and zone data are needed for administrative and operational purposes o slime are abusing those data for spamming etc., which denizens of this list seem to hate almost as much as they hate nsi o slime are watching zone/whois changes to send immediate spam to new registrants 'use our wonderful services' o slime are doing massive domain squatting hoping to then extort high prices from more legitimate applicants o ...
Valid hypothesis, and NSI's justification for *some* of their actions. However, their own numbers (filed with the SEC) indicate that 30% of all domains go unpaid for *all reasons* (including speculation). That means that NSIs actions are hurting 100% of their customers to deal with a 30% problem. How serious a problem is cybersquatting? We don't know...all we know is that NSI *says* it's a problem, there is no independent verification or hard numbers available. Rather like making walking illegal to curb a minor jaywalking problem. Furthermore, there are a LOT of better ways to solve their speculation/spamming problem without hurting every single domain owner...like requiring prepay for domains unless registered by an approved registrar (such as an ISP, etc.). Furtherfurthermore, it's not helping solve the problem to redirect registrations to the NSI website, which is of course covered with NSI advertising. You already need a special license to access the root zone files, so your "argument" there is bogus. "Small minds can only contemplate small ideas".....Unknown Dean Robb Owner, PC-EASY (757) 495-EASY [3279] On-site computer repair, upgrades and consultations Read my game reviews/columns in SimOps on WWW.TheGamers.Net
We can get rid of the domain squatters by requiring prepayment. It is a very simple answer. As for the spammers, we need to enact "Spammer Season" wherein it is legal to enact whatever type of painful demise on them. This should only be legal during "Spammer Season" which I propose should start on 1 January and run through 30 December. We should use the 30 Dec - 1 Jan period to allow any "non-spammers" to flee known spammer habitat lest they be confused for pray during the season. Unlike deer season, the use of high-powered, fully automatic weapons should be encouraged, along with baiting, the use of explosives, etc. Rid the planet of these nasty vermin! When we are done, which will probably take several years of all out spambastard vs NetOps war, if NetSOL has not changed their practices, we can just change the name of the season to NetSOL season. I do believe that at that point, we would have to enact a few rules. Like, low level employees can only be put at risk of any nature if you have a clear shot at middle management. The use of thermonuclear weapons would be authorized in any situation where there is risk of or suspicion that upper level management are present. At 03:25 PM 3/23/99 -0800, you wrote:
hypotheses: o the whois and zone data are needed for administrative and operational purposes o slime are abusing those data for spamming etc., which denizens of this list seem to hate almost as much as they hate nsi o slime are watching zone/whois changes to send immediate spam to new registrants 'use our wonderful services' o slime are doing massive domain squatting hoping to then extort high prices from more legitimate applicants o ...
if the above were true, and i believe that they are, what would the oh so brilliant and deeply experienced in large scale production systems readers of this list do to responsibly yet strongly inhibit such slimeful activity?
think about it seriously. i suspect there are no easy answers.
randy
------------------------------------------------------------------ ML.ORG is gone. Check out http://www.EZ-IP.Net - It's *FREE* ------------------------------------------------------------------ Get your *FREE* Parked Domain account at http://www.EZ-Hosting.Com ------------------------------------------------------------------ John Fraizer | __ _ | The System Administrator | / / (_)__ __ ____ __ | The choice mailto:John.Fraizer@EnterZone.Net | / /__/ / _ \/ // /\ \/ / | of a GNU http://www.EnterZone.Net/ | /____/_/_//_/\_,_/ /_/\_\ | Generation PGP Key fingerprint = 7DB6 1CA2 DAA6 43DA 3AAF 44CD 258C 3D7E B425 81A8
On Tue, 23 Mar 1999, Steven J. Sobol wrote:
To add fuel to the fire, I continue to get snail mail for the Forum for Responsible and Ethical E-mail, from companies OTHER than NetSol. Now, I am well aware that, for example, many mailing lists got the address of a company I own from corporate filings and the information on my vendor's license. However, FREE is not yet incorporated, and the only record of any mailing address is on the domain record for spamfree.org.
Let me correct the record then: $ whois spamfree.org Registrant: The Forum for Responsible & Ethical E-mail (SPAMFREE5-DOM) PO Box 94117 Cleveland, OH 44101-6117 There. Now there is a record of the mailing list in every archive of the NANOG mailing list as well. -- Michael Dillon - E-mail: michael@memra.com Check the website for my Internet World articles - http://www.memra.com
root@Overkill primary]# whois "server NS17904-HST" [rs.internic.net] No match for server "NS17904-HST".
It worked a week ago, now, it doesn't.
Indeed. I suppose you *could* pull zone transfers for [com/net/org/edu/gov/mil] from f.root-servers.net daily, and then grep through the output for that info. It's definitely not fun, but hey --- it works. -a
At 17:43 3/23/99 -0500, John Fraizer wrote:
Well, so much for that argument. They have changed their policy again. The whois now lists more than 10 records again. (Thanks NetSOL... No, really. Thanks. .!..)
NSI is taking flamethrowers to the face on Domain-Policy. They did, in a modest attempt to quell the flames, return the records returned back to 50. They also killed off telnet access (not enough traffic), killed ftp.internic.net (not needed), killed ds.internic.net (AT&T hasn't done anything with it for a couple of years and lost their contract last year), and (for those that haven't noticed) redirected www.internic.net to www.networksolutions.com. Don't bother clueing Herndon. Clue your Congressperson. It's time for some serious investigation by the Big Boys. "Small minds can only contemplate small ideas".....Unknown Dean Robb Owner, PC-EASY (757) 495-EASY [3279] On-site computer repair, upgrades and consultations Read my game reviews/columns in SimOps on WWW.TheGamers.Net
On Tue, 23 Mar 1999, John Fraizer wrote:
Date: Tue, 23 Mar 1999 17:43:46 -0500 From: John Fraizer <John.Fraizer@EnterZone.Net> To: Derek Balling <dredd@megacity.org>, nanog@merit.edu Subject: Re: more Internic nightmare
[...]
They have taken the following away from us though:
root@Overkill primary]# whois "server NS17904-HST" [rs.internic.net] No match for server "NS17904-HST".
It worked a week ago, now, it doesn't.
...though it's been prone to regular "outages," as well... (it seems to work for about as much time as it's down -- though having only access to ten zones at a time is pretty useless anyway). Russell -- Russell M. Van Tassell russell@cscorp.com
participants (15)
-
Adam Rothschild -
David Greenman -
Dean Robb -
Derek Balling -
Jay R. Ashworth -
John Fraizer -
larrys@lexis-nexis.com -
Michael Dillon -
Nick Bastin -
Randy Bush -
Rich Sena -
Rodney Joffe -
Roeland M.J. Meyer -
Russell Van Tassell -
Steven J. Sobol