On Mon, 21 May 2007, Chris L. Morrow wrote: > ok, so 'today' you can't think of a reason (nor can I really easily) but > it's not clear that this may remain the case tomorrow. It's possible that > as a way to 'better loadshare' traffic akamai (just to make an example) > could start doing this as well. > > So, I think that what we (security folks) want is probably not to > auto-squish domains in the TLD because of NS's moving about at some rate > other than 'normal' but to be able to ask for a quick takedown of said > domain, yes? I don't think we'll be able to reduce false positive rates > low enough to be acceptable with an 'auto-squish' method :(
Auto-squish on a registrar level is actually starting to work, but there is a long way yet.. As to NS fastflux, I think you are right. But it may also be an issue of policy. Is there a reason today to allow any domain to change NSs constantly? > > -Chris >