To:
Urs Eppenberger <urs.eppenberger@switch.ch>
Cc:
ietf-provreg@cafax.se
From:
Patrick <patrick@gandi.net>
Date:
Wed, 7 Feb 2001 11:24:11 +0100
Content-Disposition:
inline
In-Reply-To:
<2846336.981536253@pbue.switch.ch>; from urs.eppenberger@switch.ch on Wed, Feb 07, 2001 at 08:57:33AM +0100
Sender:
owner-ietf-provreg@cafax.se
User-Agent:
Mutt/1.2.5i
Subject:
Re: draft-hollenbeck-grrp-reqs-06 [Was Re: Interim Meeting]
On Wed, Feb 07, 2001 at 08:57:33AM +0100, Urs Eppenberger took time to write: > --On Montag, 5. Februar 2001 20:38 Uhr +0100 Patrick <patrick@gandi.net> > wrote: > > > Right... because you do not use ns1.foobar.com and ns2.foobar.com as > > nameserver. In your case, someone just polluted the database. > > As soon as your domain use ns{1,2}.foobar.com, you are hijacked... > > > > That is inconvenient, since when the true owner will want to register > > them for its true use, the Registry might not allow him, since they > > already exist (with bogus data). How do you control who can change > > the IP ? > > You can get easy around this hijack problem. Just use the host name as the > object handle (or database key). Reverselookup must work. In such a case > you as holder of foobar.com has authority over *.foobar.com, generally you > can walk over to that guy and knock him. So, if a 'wrong' owner registered ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ what does that mean ? > a bogus hijack-nameserver, that wrong owner sits close. You most probably > have administrative control in your company over such a situation and there > is no need for the registry or for the protocol to ensure a correct > behaviour inside third party organisations. I'm sorry, maybe because i'm not English, but I do not understand this. The problem remains in my POV : if someone claims to ``own'' a nameserver, how do you authentify that claim ? You do a reverse lookup on the name, and obtain an IP. And then ? How do you know it is correct or not ? Sorry for asking, I just do not understand. But it is true that the hostname can be the key. Still we need attributes attached to it I think. Patrick.