
discuss - Re: [opennic-discuss] Beginning test to reclaim confiscated domains

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: subhuman <discipline AT gmx.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] Beginning test to reclaim confiscated domains
  • Date: Fri, 16 Dec 2011 05:07:31 +0100
  • List-archive: <http://lists.darkdna.net/pipermail/discuss>
  • List-id: <discuss.lists.opennicproject.org>

Just a shot in the dark:
I've been studying the RFCs concerning DNS for some weeks now, and
what I'm always stumbling upon is this ominous Z flag in the message
header. RFC 1035 declares it (p. 27) and states: "Reserved for future
use. Must be zero in all queries and responses." The funny thing is
that, as far as I can oversee the matter by now, no updating or
obsoleting RFC ever mentions that flag again. It seems to be simply
there, poor thing.

What if OpenNIC hijacks this flag - of course for internal purposes
only? Let's say, any record that points to or belongs to a domain we
don't trust will be delivered OpenNIC-internally with the Z flag set!
Which means that those records/domain names still exist (and thus
can't be re-assigned, hopefully), but we don't deliver them, neither to
the outer world, nor to clients within our namespace. Any "outgoing"
messages must of course have the flag set to zero, and the Response
RCODE might be something like NotAuth or NotZone, or even a ServFail -
who would care? The same would be returned to any client requesting
such a "smelling" record, whereas in traffic between DNS servers a
NoError and the usual response is transferred.

If a domain owner complains, we demand to see of what colour his hat
is. And if we decide it is white: Look there! Ain't that your domain?
Lucky you are!

--Martin

On Thu, 15 Dec 2011 17:08:59 -0600
Brian Koontz <brian AT pongonova.net> wrote:
>
> Seems to me that we need to be somewhat careful here. If we are seen
> as "safe harbor" for every site that gets its DNS records pulled, we
> could put our T1/T2 operators at risk. It might be a bit premature to
> be talking about this without exploring ways to mitigate the risk of
> individual admins.
>
> That said, we should revisit the idea of incorporating OpenNIC and
> having T1/T2 operations operate under the OpenNIC "umbrella." Short
> of this discussion, I'm really not all that hot to deal with another
> visit from the men in black...
>
> --Brian


--
The people are opium for a religion.
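
The header handling that the proposal in this message implies, as an added example (not code from the message or from OpenNIC): mark a message with the reserved header bit for server-to-server traffic, and on the client-facing side clear the bit, replace the RCODE with ServFail and strip the records. The function names and the sample response are constructed for illustration; the header layout is the one from RFC 1035.

```python
import struct

# RFC 1035 header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (six 16-bit fields).
HEADER = struct.Struct("!6H")
Z_BIT = 0x0040      # RFC 1035 reserves a 3-bit Z field (0x0070); DNSSEC later
                    # assigned 0x0020 and 0x0010 to AD and CD, leaving this bit
RCODE_MASK = 0x000F
SERVFAIL = 2

def z_is_set(msg: bytes) -> bool:
    return bool(HEADER.unpack_from(msg)[1] & Z_BIT)

def mark_internal(msg: bytes) -> bytes:
    """Set Z on a message exchanged between servers (the proposal's marker)."""
    ident, flags, *counts = HEADER.unpack_from(msg)
    return HEADER.pack(ident, flags | Z_BIT, *counts) + msg[HEADER.size:]

def question_end(msg: bytes, qdcount: int) -> int:
    """Offset just past the question section (QNAMEs assumed uncompressed)."""
    pos = HEADER.size
    for _ in range(qdcount):
        while msg[pos]:                 # walk length-prefixed labels
            if msg[pos] & 0xC0:
                raise ValueError("compressed or invalid label in question")
            pos += 1 + msg[pos]
        pos += 1 + 4                    # root label, then QTYPE and QCLASS
    return pos

def egress_filter(msg: bytes) -> bytes:
    """Client-facing rule: Z always leaves as zero, and a marked response is
    replaced by SERVFAIL with answer/authority/additional records stripped."""
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    if not flags & Z_BIT:
        return msg
    flags = (flags & ~Z_BIT & ~RCODE_MASK) | SERVFAIL
    return HEADER.pack(ident, flags, qd, 0, 0, 0) + msg[HEADER.size:question_end(msg, qd)]

# Constructed sample: a NOERROR response for "blocked.example" with one A record.
QUESTION = b"\x07blocked\x07example\x00" + struct.pack("!2H", 1, 1)
ANSWER = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
SAMPLE = HEADER.pack(0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
```

Resolvers and middleboxes outside such a scheme are not required to preserve a reserved bit, so the marker can only be relied on between servers that implement both functions.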



