IETF provreg mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: ietf-provreg@cafax.se
From: Jens Wagner <jwagner@key-systems.net>
Date: Wed, 29 Aug 2001 15:36:59 +0200
Sender: owner-ietf-provreg@cafax.se
Subject: Re: host transfers -- actually, out-of-zone-glue

Patrick wrote:

> Jens,
>
> On Thu, Aug 23, 2001 at 04:03:14PM +0200, Jens Wagner took time to write:
> > What happens if you associate some .com domains with ns1.vianetworks.nl, and
> > the hijacker renames that host to ns1.hijacked.cx in the .com Registry?
>
> The Registrar handling a nameserver record should make sure to
> receive authorization before updating it. In case of an gTLD
> nameserver, he can get authorization from the contacts of the domain
> (which is necessarily under its management), to change the name or
> the IP. The change of name can be tricky, if the nameserver changes
> domain, the authorization should be coming also from the new
> contacts.

If you change a nameserver name from ns1.vianetworks.nl to ns1.hijacked.cx you
have no parent domain to check authorization against, at least in the c/n/o
Registry.
The authority of non-c/n/o nameservers remains usually their creator.

> In case of ccTLDs, there is no IP, thus nothing to be changed.
> In case of change of name, you must create the new record (with
> whatever Registrar, since it's in a ccTLD), update your domains, and
> delete the old one if necessary.
>
> Thus the case you described can not happen I think.

1. Hijacker registers ns1.vianetworks.nl
2. ViaNetworks registers domain1.com with the nameserver ns1.vianetworks.nl
3. Hijacker renames ns1.vianetworks.nl to ns1.hijacked.cx
4. Hijacker registers ns1.vianetworks.nl

domain1.com would use the nameserver ns1.hijacked.cx, NOT ns1.vianetworks.nl

Did I get anything wrong?

> Again, the Registry has no concept of host handles. When you register
> a domain name you provide *names* of nameserver, not some kind of
> handle. When a nameserver changes its name, you need to change each
> domain name concerned. Of course this can be automated at the
> Registrar level.
>
> Regards,
> Patrick.

Imho a registry should not allow renaming nameservers with parent domains outside
of their own TLD(s).

Best regards,

Jens Wagner

References:
- RE: host transfers -- actually, out-of-zone-glue
  - From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
- Re: host transfers -- actually, out-of-zone-glue
  - From: Jens Wagner <jwagner@key-systems.net>
- Re: host transfers -- actually, out-of-zone-glue
  - From: Patrick <patrick@gandi.net>

Prev by Date: Re: host transfers -- actually, out-of-zone-glue
Next by Date: Re: host transfers -- actually, out-of-zone-glue
Prev by thread: Re: host transfers -- actually, out-of-zone-glue
Next by thread: Re: host transfers -- actually, out-of-zone-glue
Index(es):
- Date
- Thread

Home | Date list | Subject list