Regarding registrar LOCK for panix.com
On Wed, 19 Jan 2005, Darrell Greenwood wrote:
customers' domains. Panix.com says its domain name was locked, and that despite this, it was still transferred. (r)
I seem to recall someone saying it wasnt locked, now theyre saying it was?
The information we have so far, indicates that it was not on Registrar LOCK at the registry at the time of the transfer. Regards, Bruce Tonkin
Oki all, I wasn't going to discuss this because it is potentially confusing, but as we're ratholing on registrar lock ... --- Some 60 plus days after a party acquired a domain, s/he initiated an "UNLOCK" at the user interface of the operator that had arrainged to acquire this particular domain. The transaction completed. The "loosing" registrar showed "unlocked", the "gaining" registrar saw the "unlocked" and proceeded with a transfer, which failed. The rrp.unlock() call actually never was made from the registrar to the registry, due to a transient network event between the operator network, and the "loosing" registrar network. The point is that locks aren't what they seem. This is a distributed system with many points of failure, not completely coherent, and it does matter from where one looks. Shorter form: error is possible. --- The registrant asked me to help. I called the operator. The CSR who took the call observed the inconsistency and re-issued the rrp.unlock(). Domain unlocked by jrandom-3rd-party in under two minutes. Granted, it was in an unusual state and the caller (me) knew more than the nice CSR. --- Posit a backhoe of unusual size operating near MIT, or that MIT does business out of Sri Lanka and the State of Nagaland has just dragged anchor across the SEA-ME-WE-III (again), or any of a dozen other real life events. We'd be chatting about the state in the central registry, not the failure to trigger a state change at the periphery of the system. --- It is possible to run a domain name based network service off of addresses provisioned by dhcp. It is possible to acquire a contiguous block, and to hold them for quite a long time. But that doesn't mean that it is sensible to build a network infrastructure for dynmaically provisioned resources. The transformation of the dns service from 1990 to the present has created dynmaic provisioned name resources -- the property absent in 1990, the "competitive" registrar, is dynamic, and hence so is everything else. I picked 1990 because Panix is 15 year old. I think the fundamental issue is that things that ought to be wicked stable, are in fact not. Everyone is free to draw their own conclusions, and act as they see fit, its all just risk management anyway, but if the design respected this user community, we wouldn't be reading that the correct competitive registrar can manage the risk. --- This is my last note on the subject. Eric
At 12:22 AM 20-01-05 +0000, Eric Brunner-Williams in Portland Maine wrote:
I picked 1990 because Panix is 15 year old.
And not to forget that Panix was the 1st victim ever of a SYN attack in Sept 1996: http://www.panix.com/press/synattack.html http://www.panix.com/press/synattack2.html Seems like someone out there just luvs Panix! :-) -Hank
And not to forget that Panix was the 1st victim ever of a SYN attack in Sept 1996: http://www.panix.com/press/synattack.html http://www.panix.com/press/synattack2.html
And due to coordinated action between members of the NANOG mailing list and the FIREWALLS mailing list, within 24 hours, there were patches made available for Linux and various BSD kernels that mitigated these attacks. This type of an event shows the real power of the NANOG mailing list to communicate in a crisis. If only we could extend this communication to other media (INOC-DBA) and to include representatives of more network operators. I hope that the NANOG reform discussion spends a good bit of its time on articulating a vision for the future of a membership-based NANOG organization, and not worry so much about past problems. --Michael Dillon
On Thu, 20 Jan 2005 13:18:03 +0000, Michael.Dillon@radianz.com <Michael.Dillon@radianz.com> wrote:
I hope that the NANOG reform discussion spends a good bit of its time on articulating a vision for the future of a membership-based NANOG organization, and not worry so much about past problems.
That is something I am working on, as it strikes me as a really good way to bring more asian operators into the mainstream. A clueful contact at an ISP prevents people dropping in blackhole routes and access.db entries for huge netblocks when they see the first sign of abuse from out of there ... which would be a very good thing. INOC-DBA does get talked about on several other operator lists like apricot and sanog .. but there's not nearly enough adoption yet. I'm still hopeful about seeing it grow in popularity and get some critical mass. -- Suresh Ramasubramanian (ops.lists@gmail.com)
on 1/19/05 6:46 PM, Bruce Tonkin at Bruce.Tonkin@melbourneit.com.au wrote:
The information we have so far, indicates that it was not on Registrar LOCK at the registry at the time of the transfer.
Bruce, It is well known that the date of transfer of the panix.com domain from Dotster to Melbourne IT was on January 15 (EST). Can you tell us the date when the transfer request was initially solicited by the client of Melbourne IT's reseller? -Richard
Bruce Tonkin wrote:
The information we have so far, indicates that it was not on Registrar LOCK at the registry at the time of the transfer.
No, the information we have so far is that it *WAS* supposed to be on registrar-lock! Quoting Alexis Rosen, forwarded by TLS, Sun, 16 Jan 2005 07:08:59 +0000: ... Our understanding is that we had locks on all of our domains. However, when we looked, locks were off on panix.net and panix.org, which we own but don't normally use. [Your Honor, maybe she locked the door, but the door company didn't install it correctly, otherwise I couldn't have ripped it off the hinges and gone in and raped her; it's the door company's fault.] Stop blaming the victim! Stop blaming anybody else. This was a Mel-IT error. -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
participants (7)
-
Bruce Tonkin
-
Eric Brunner-Williams in Portland Maine
-
Hank Nussbacher
-
Michael.Dillon@radianz.com
-
Richard Parker
-
Suresh Ramasubramanian
-
William Allen Simpson