To:
ietf-provreg@cafax.se
From:
Jens Wagner <jwagner@key-systems.net>
Date:
Wed, 29 Aug 2001 15:36:59 +0200
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: host transfers -- actually, out-of-zone-glue
Patrick wrote: > Jens, > > On Thu, Aug 23, 2001 at 04:03:14PM +0200, Jens Wagner took time to write: > > What happens if you associate some .com domains with ns1.vianetworks.nl, and > > the hijacker renames that host to ns1.hijacked.cx in the .com Registry? > > The Registrar handling a nameserver record should make sure to > receive authorization before updating it. In case of an gTLD > nameserver, he can get authorization from the contacts of the domain > (which is necessarily under its management), to change the name or > the IP. The change of name can be tricky, if the nameserver changes > domain, the authorization should be coming also from the new > contacts. If you change a nameserver name from ns1.vianetworks.nl to ns1.hijacked.cx you have no parent domain to check authorization against, at least in the c/n/o Registry. The authority of non-c/n/o nameservers remains usually their creator. > In case of ccTLDs, there is no IP, thus nothing to be changed. > In case of change of name, you must create the new record (with > whatever Registrar, since it's in a ccTLD), update your domains, and > delete the old one if necessary. > > Thus the case you described can not happen I think. 1. Hijacker registers ns1.vianetworks.nl 2. ViaNetworks registers domain1.com with the nameserver ns1.vianetworks.nl 3. Hijacker renames ns1.vianetworks.nl to ns1.hijacked.cx 4. Hijacker registers ns1.vianetworks.nl domain1.com would use the nameserver ns1.hijacked.cx, NOT ns1.vianetworks.nl Did I get anything wrong? > Again, the Registry has no concept of host handles. When you register > a domain name you provide *names* of nameserver, not some kind of > handle. When a nameserver changes its name, you need to change each > domain name concerned. Of course this can be automated at the > Registrar level. > > Regards, > Patrick. Imho a registry should not allow renaming nameservers with parent domains outside of their own TLD(s). Best regards, Jens Wagner