On Tue, Nov 27, 2007 at 04:19:50PM -0500, Edward Lewis wrote:
> At 8:57 PM +0000 11/27/07, [EMAIL PROTECTED] wrote:
> 
> >     as the admin of PDC.example.org ... however, it is
> >     the Height of Arrogance to presume I can tell the rice.edu
> >     or isi.edu people what IP addresses to use on their machines.
> 
> The issue isn't between (say) moe.rice.edu and (say) ns.isi.edu, the 
> issue is between example.org and (say) moe.rice.edu.

        w/ you so far.

> >     needs.  Now the poor .org admin - he has to believe me when
> >     i tell him what nameservers will be authoritative for example.org.
> 
> .org doesn't need to believe example.org's claim.  How does .org 
> suffer if example.org mis-lists its servers?  How does example.org 
> suffer?

        suffering is subjective.  I expect you may be suffering this 
        exchange with the patience of Job.

        .org gets a request from a legit client - in this case, example.org
        to add a list of nameservers, some of which are in zone and some
        are not.  

> >     and it's prolly prudent for him to contact the admins of
> >     ns.isi.edu and moe.rice.edu to collect the correct IP addresses
> >     for those nodes...  If I was the poor sod responsible for .org,
> >     I would not really believe that the moron holding example.org
> >     had done his homework and actually -KNEW- what the IP addresses
> >     were for these nodes or was in a position to keep that data
> >     current.  but that would be me.
> 
> I think the missing link here is knowing what is done with the 
> collected IP addresses.  In the following scenario there's no risk if 
> the addresses are incorrect.

        risk is also subjective.

> 
>   .org won't list the ns.isi.edu address in DNS, it won't be part of
>   the operational fabric.  But let's say someone is debugging a phishing
>   attack (as this stemmed from an APWG thing) and they note that
>   example.org is being served up by 127.0.3.12.  They ask .org what IP
>   addresses were reported for example.org and they find that the address
>   being heard isn't one of the listed ones.  At this point it would be
>   wrong to conclude that the address is rogue, but it merits questioning
>   to see if it's the case that example.org just didn't make a needed
>   update (whether aware or not) or the address is indeed rogue.

        but it's not example.org's call if ns.isi.edu changed its ip
        address to 127.0.3.12... is it?  that would be the call of the
        admin for ns.isi.edu.

        and if there were no contact information on that nameserver in
        the form of a HOST record in the whois or comments (w/ glue) in
        the DNS, then debugging an apparent problem is going to be much
        harder.  one could ask if it's a service that the .org registry
        is willing to offer on behalf of its clients and the Internet
        community, 

> 
> At 1:03 PM -0800 11/27/07, David Conrad wrote:
> 
> >secondary services.  The IP addresses in use for the secondary service
> >should be part of that agreement.
> 
> That too.
> -- 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis                                                +1-571-434-5468
> NeuStar
> 
> Think glocally.  Act confused.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop
