Weblog entry #337 for simonw
Domain suspension is flawed as anti-fraud measure
Posted by simonw on Wed 24 Jun 2009 at 20:24
Netcraft just published an article bemoaning the slow response of registrars in dealing with fraudulent websites, but it omits a key point.
The DNS architecture has a flaw in its hierarchy. When a domain is deleted or expires, there is no way to tell which domains are hosted on name servers in that domain. One can only tell which domains aren't hosted on name servers in that domain.
Now most domains don't have name servers in them, so most of the time suspending a domain name has no effect on other domains, but some domains do, and suspending one of those will stop any domains which have name servers in that domain from working.
Suspending domains is thus like lopping branches off a tree, a tree whose branches are all the same thickness and so provide no clue to how much tree is on the end of each. Most of the branches you prune turn out to be twigs, but every so often you'll lop off a big chunk of tree by accident.
We use nameservers in two domains to prevent such a single point of failure, but many domains don't do this, including ".", "com.", "net.", "co.uk.", "microsoft.com.", oh, and "netcraft.com.". And I've seen enough plugs pulled on sites causing collateral damage to know this will eventually happen if registrars get too keen on dropping domain names without detailed investigation.
http://news.netcraft.com/archives/2009/06/22/faster_actions_needed_against_phishing_domains.html
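An added example, not part of the original post: the collateral-damage check a registrar or auditor can run before a suspension, limited (as the post argues) to the delegations they already know about. Zone names and NS records are constructed, and a nameserver's parent domain is assumed to be everything after its first label.

```python
# Constructed inventory: zone -> delegated nameserver hostnames.
# All names use the reserved ".example" TLD and are not real delegations.
DELEGATIONS = {
    "hostco.example.": ["ns1.hostco.example.", "ns2.hostco.example."],
    "shop.example.": ["ns1.hostco.example.", "ns2.hostco.example."],
    "blog.example.": ["ns1.hostco.example.", "ns1.spare.example."],
    "mail.example.": ["ns1.spare.example.", "ns2.third.example."],
}


def under(host, domain):
    """True if host equals domain or is a subdomain of it (label-boundary match)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def blast_radius(suspended, delegations):
    """Classify each known zone by what suspending `suspended` does to it."""
    result = {}
    for zone, nameservers in delegations.items():
        lost = [ns for ns in nameservers if under(ns, suspended)]
        if under(zone, suspended):
            result[zone] = "suspended"   # the intended target
        elif lost and len(lost) == len(nameservers):
            result[zone] = "broken"      # every nameserver disappears with it
        elif lost:
            result[zone] = "degraded"    # some nameservers survive elsewhere
    return result


def single_points_of_failure(delegations):
    """Zones whose nameservers all sit under one parent domain."""
    spof = {}
    for zone, nameservers in delegations.items():
        # Assumption: the parent domain is the hostname minus its first label.
        parents = {ns.rstrip(".").partition(".")[2] + "." for ns in nameservers}
        if len(parents) == 1:
            spof[zone] = parents.pop()
    return spof


if __name__ == "__main__":
    print(blast_radius("hostco.example.", DELEGATIONS))
    print(single_points_of_failure(DELEGATIONS))
```

A zone missing from the inventory never appears in the result, so an empty blast radius only means no known dependants.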