Re: [DNSOP] Always registering the IP address of the name servers during a delegation?

Tue, 27 Nov 2007 13:20:17 -0800 

At 8:57 PM +0000 11/27/07, [EMAIL PROTECTED] wrote:


        as the admin of PDC.example.org ... however, it is
        the Height of Arrogance to presume I can tell the rice.edu
        or isi.edu people what IP addresses to use on their machines.



The issue isn't between (say) moe.rice.edu and (say) ns.isi.edu, the 
issue is between example.org and (say) moe.rice.edu.



        needs.  Now the poor .org admin - he has to believe me when
        i tell him what nameservers will be authoritative for example.org.



.org doesn't need to believe example.org's claim.  How does .org 
suffer if example.org mis-lists its servers?  How does example.org 
suffer?



        and its prolly prudent for him to contact the admins of
        ns.isi.edu and moe.rice.edu to collect the correct IP addresses
        for those nodes...  If I was the poor sod responsible for .org,
        I would not really believe that the moron holding example.org
        had done his homework and actually -KNEW- what the IP addresses
        were for these nodes or was in a position to keep that data
        current.  but that would be me.



I think the missing link here is knowing what is done with the 
collected IP addresses.  In the following scenario there's no risk if 
the addresses are incorrect.


  .org won't list the ns.isi.edu address in DNS, it won't be part of
  the operational fabric.  But let's say someone is debugging a phishing
  attack (as this stemmed from an APWG thing) and they note that
  example.org is being served up by 127.0.3.12.  They ask .org what IP
  addresses were reported for example.org and they find that the address
  being heard isn't one of the listed ones.  At this point it would be
  wrong to conclude that the address is rogue, but it merits questioning
  to see if it's the case that example.org just didn't make an needed
  update (whether aware or not) or the address is indeed rogue.

At 1:03 PM -0800 11/27/07, David Conrad wrote:


secondary services.  The IP addresses in use for the secondary service
should be part of that agreement.


That too.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Think glocally.  Act confused.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop























					Reply via email to