Re: Network Solutions domain transfer lock policy?
On Mon, Nov 19, 2007 at 05:59:11PM -0500, Deepak Jain wrote: I just became aware of an SOP at Network solutions. On a contact change to a domain, they automatically transfer lock the domain for 60 days. You might want to ask them, but I'd bet lunch this is an anti-domain-theft policy. If one is engaged in taking other registrants' domains, a trick to it is to update the contact data and then transfer the registration to another registrar. In so-called thin registries (i.e. where the contact data isn't also supposed to be stored in the registry), this leaves the history of the domain at a registrar with whom the (ex hypothesi illegitimate) registrant does not have a relationship, and that makes getting the domain name back to its original registrant that much harder. I can see that this can have some unfortunate effects, particularly in large organisations where different people might be resonsible for data correctness and domain name registration management, but I think it probably is an effort to protect people from one kind of attack that's been seen. A -- Andrew Sullivan 204-4141 Yonge Street Afilias CanadaToronto, Ontario Canada [EMAIL PROTECTED] M2P 2A8 +1 416 646 3304 x4110
Re: Hey, SiteFinder is back, again...
On Sun, Nov 04, 2007 at 08:32:25AM -0500, Patrick W. Gilmore wrote: A single provider doing this is not equivalent to the root servers doing it. You can change providers, you can't change . in DNS. This is true, but Verisign wasn't doing it on root servers, IIRC, but on the .com and .net TLD servers. Not that that's any better. The last time I heard a discussion of this topic, though, I heard someone make the point that there's a big difference between authority servers and recursing resolvers, which is the same sort of point as above. That is, if you do this in the authority servers for _any_ domain (., .com, .info, or .my.example.org for that matter), it's automatically evil, because of the meaning of authority. One could argue that it is less evil to do this at recursive servers, because people could choose not to use that service by installing their own full resolvers or whatever. I don't know that I accept the argument, but let's be clear at least in the difference between doing this on authority servers and recursing resolvers. A -- Andrew Sullivan 204-4141 Yonge Street Afilias CanadaToronto, Ontario Canada [EMAIL PROTECTED] M2P 2A8 +1 416 646 3304 x4110
Re: Hey, SiteFinder is back, again...
On Mon, Nov 05, 2007 at 11:52:02AM -0500, Patrick W. Gilmore wrote: authority for a TLD is bad, because most people don't have a choice of TLD. (Or at least think they don't.) I don't think that's the reason; I think the reason is that someone who needs to rely on Name Error can't do it, if the authority server is set up in such a way as to hand out falsehoods. But if I want to put in a wildcard for *.ianai.net, then there is nothing evil about that. In fact, I've been doing so for years (just 'cause I'm lazy), and no one has even noticed. It is my domain, I should be allowed to do whatever I want with it as long as I pay my $10/year and don't use it to abuse someone else. I'm not sure I agree. I think that it's probably true that, if you have a wildcard that actually resolves so that everyone can use the services they thought they were trying to talk to, there's no basis for complaint (to the extent one thinks wildcards are a good idea). But if you're doing wildcarding so that people get all manner of strange results if they happen not to be arriving on port 80, then I think it's evil in any case. I _also_ think it's evil to serve wildcards on authority servers for largeish (100s, anyway) zones, in almost every case. If the domain gets big enough that you have that many hosts, then others' ability to diagnose surprises depends partly on their ability to get meaningful answers about what things are and are not out there on the net. For very small domains, perhaps there is some argument that the user community is so small that the benefit outweighs the costs. But in truth, if I had my 'druthers, I'd go back in time and eliminate the wildcard feature from the outset, at least for the public Internet. (I can see an argument in split-view contexts, note.) And no, it isn't your domain. This is one of the pervasive myths of the namespace -- one that has been expanding as privatisation of the DNS has become the norm. The truth is that namespaces are rented, and are subject to all manner of terms and conditions. If you don't believe me, read your contract with your registrar. There are current conditions about labels' relations to other labels, for example, in all gTLDs (these are the UDRP policies). There are rules about what you may and may not register in .aero or .pro, and what you must and must not do with the resulting domain once you've been approved. Many country codes have rules about residency, and if you move you will find you lose your domain as well. Policy -- or, I suppose, politics -- is what constrains TLDs from enforcing more stringent additional rules. I can't make up my mind whether a no wildcard, ever policy would in fact be a good one to have. But it is surely open, and something that could be imposed on gTLD regisrtations with sufficient support inside ICANN. (There are some rather tricky regulations in this area, though.) Hijacking user requests on caching name servers is very, very bad, because 1) the user probably doesn't know they are being hijacked, and 2) even if the user did, most wouldn't know how to get around it. So you're back to the TLD authority problem, there is no choice in the matter. This is the response I expected, but I have to say that I'm frustrated by the answer, even during the alternate hours when I agree with it. What we're really saying in this case (and I mean we, because I say similar things often enough) is that consumer choice is an uninteresting lever, because most consumers are mindless sinks who'll take whatever's given to them. If that's the case, why is everyone furious when various kinds of heavy regulations are proposed? We can't have libertarian paradise and guaranteed correct behaviour simultaneously. Libertarians claimed historically that this dilemma could be solved by market mechanisms. If the market mechanism won't actually work, though, what alterantive correction do you have to propose beyond some government sets the rules, and enforces them? Isn't that regulation? A -- Andrew Sullivan 204-4141 Yonge Street Afilias CanadaToronto, Ontario Canada [EMAIL PROTECTED] M2P 2A8 +1 416 646 3304 x4110
Re: [policy] When Tech Meets Policy...
On Wed, Aug 15, 2007 at 02:38:48PM -0500, Al Iverson wrote: I'm curious: What valid, legitimate, or likely to be used non-criminal reasons are there for domain tasting? Making money on the basis of the published policies of a registry? If this were some sort of Web 2.0 application, everybody would be impressed with the mash up the domainers had managed to spot: you take a bit of capital, a grace period without any clear rules for its application, and another application on the web (Google, in this case), and in one go you produce revenue out of some domains and none out of others. By learning which ones are poor earners, you learn things about which kinds of names are (at least currently) likely to attract web traffic. You therefore learn which pool of names _do_ attract traffic, and which will therefore be profitable. It isn't plain to me that all this speculation is even bad. When people do it with land or stocks, we don't seem to mind too much. From my point of view, it's too bad that the registries have to carry the cost without getting any benefit from it. Some registries have introduced methods to try to recover some of their costs when dealing with this sort of behaviour. But I don't believe that there's anything criminal, or even invalid or illegitimate (whatever those would mean in respect of domain names) going on. A -- Andrew Sullivan 204-4141 Yonge Street Afilias CanadaToronto, Ontario Canada [EMAIL PROTECTED] M2P 2A8 jabber: [EMAIL PROTECTED] +1 416 646 3304 x4110
Re: Where did freeipdb IP utility site go?
On Fri, Jul 27, 2007 at 12:40:59PM -0400, Barry Shein wrote: I know postgresql has an ipv6 type but I was hoping for something more portable. I am a PostgreSQL weenie, I admit, but if you can at all use it, I strongly suggest you use the inet and cidr datatypes in PostgreSQL for this. Alternatives often give up the data rigour that you get from a datatype. Portability is often a target that forces you to give up all the nice features that you got when you chose your RDBMS. I suppose in other systems, you could put a trigger on a varchar() or whatever field that would validate the address on the way in. That's what I'd do if I had to give up the datatype. A -- Andrew Sullivan 204-4141 Yonge Street Afilias CanadaToronto, Ontario Canada [EMAIL PROTECTED] M2P 2A8 jabber: [EMAIL PROTECTED] +1 416 646 3304 x4110
Re: ICANN registrar supporting v6 glue?
On Fri, Jun 29, 2007 at 01:57:04PM -0700, Barrett Lyon wrote: Neustar/Ultra's .org gtld registration services apparently do not As a point of clarification, Neustar Ultra Services has exactly nothing to do with registration of .ORG domain names. That's a function of Public Interest Registry, who contracts the technical operations of the registry to Afilias (my employer). Neustar Ultra is one of the providers of DNS services for .org, but they have nothing to do with the registration side. I'm not in a position to state when PIR is planning to accept IPv6 records in the zone, although I am aware that there are plans to do it in the near future (you'd have to take it up with PIR, because they make the registry policies). I will note that .info (which Afilias operates) accepts IPv6 addresses today, but as far as I can tell registrars just don't care. If this is something you want, you need to talk to the registrars. Also, Yet, .org does provide a v6 resolver: b0.org.afilias-nst.org. 86400 IN 2001:500:c::1 that happens not to be a Neustar Ultra Services operated nameserver. There are some servers operated by NUS, authoritative for .org, that _do_ speak IPv6, however. A -- Andrew Sullivan 204-4141 Yonge Street Afilias CanadaToronto, Ontario Canada [EMAIL PROTECTED] M2P 2A8 jabber: [EMAIL PROTECTED] +1 416 646 3304 x4110