On Mon, 8 Jul 2019, John Bambenek wrote:

An interesting idea, but ....

Domain contact information over DNS provides a vehicle for exchanging contact information in a programmatic and reliable manner. DNS has a ubiquitous presence within the internet infrastructure and will act as a reliable publication method for contact information exchange.

It's not really reliable in the case of malicious DNS. The point for me for using whois is hardly ever to find a domain contact, but to find a way to step beyond the malicious registrant. WHOIS/RDAP lets me jump to the Registrar.

In the case where you would want to reach the domain for non-malicious purposes, a contact form on their website or using the SOA record email address would (and does) work fine.

Appendix A and the Copyright notice at the top conflict or repeat.

As for some technical points:

- The WHOIS/RDAP can be rate limited, DNS queries can't.

- WHOIS can be recorded historically, for DNS queries this is much harder to do - especially if domains use a TTL=0 as default that also applies to these records.

- One cannot know where zone cuts are (public suffix problem), so mis-redirection can happen

- Which is more secure/valuable, the topmost _whois entries or the lower ones? eg _whois.toronto.nohats.ca or _whois.nohats.ca.

- Use example.com, not exampledomain.com (see RFC 2606)

- sub-types in TXT records

  You put everything under _whois.example.com but then use sub-typing within the TXT record. Wouldn't it be better to use the prefix instead of subtyping, eg:

    _name._admin._whois.example.com IN TXT "Dan Draper"
    _tel._admin._whois.example.com IN TXT "+1-555-123-4567"
    _name._billing._whois.example.com IN TXT "Peggy Olson"
    _email._techical._whois.example.com IN TXT "st...@example.com"

  This would avoid awkward references to "aname" (which might become an RRTYPE) or "tname", etc.

- The use of "all" is also a bit awkward.

In the end, I feel this effort shares most of its issues with the "security.txt" efforts of https://tools.ietf.org/html/draft-foudil-securitytxt which I also thought was not a good idea. See the various discussions on the saag list there for details on trustworthiness of information, and the multiple locations of information problem, which are problems present here as well.

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
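
The zone-cut and "which level wins" points above can be made concrete with a small added example (not part of the original message or of the draft it reviews). It parses records in the prefix layout suggested in the message, then walks every ancestor of a name and reports where the levels disagree; the zone contents, the `www` host name and all function names are constructed for illustration.

```python
import re

# Constructed sample data in the _<field>._<role>._whois.<domain> layout.
SAMPLE_ZONE = '''
_name._admin._whois.nohats.ca.            IN TXT "Dan Draper"
_tel._admin._whois.nohats.ca.             IN TXT "+1-555-123-4567"
_name._admin._whois.toronto.nohats.ca.    IN TXT "Peggy Olson"
_name._billing._whois.toronto.nohats.ca.  IN TXT "Peggy Olson"
'''

RR = re.compile(r'^_(\w+)\._(\w+)\._whois\.(\S+?)\.?\s+IN\s+TXT\s+"([^"]*)"$')

def parse_records(text):
    """Return {domain: {role: {field: value}}} from zone-file style lines."""
    out = {}
    for line in text.strip().splitlines():
        m = RR.match(line.strip())
        if m:
            field, role, domain, value = m.groups()
            out.setdefault(domain.lower(), {}).setdefault(role, {})[field] = value
    return out

def candidate_domains(name):
    """Every ancestor a client could query: DNS itself does not reveal
    where the zone cut or the public suffix boundary is."""
    labels = name.rstrip('.').lower().split('.')
    return ['.'.join(labels[i:]) for i in range(len(labels))]

def find_contacts(name, records):
    """Collect contacts at every level, most specific first, and list
    (role, field) pairs whose values differ between levels."""
    found = [(d, records[d]) for d in candidate_domains(name) if d in records]
    seen, conflicts = {}, []
    for domain, roles in found:
        for role, fields in roles.items():
            for field, value in fields.items():
                first = seen.setdefault((role, field), (domain, value))
                if first[1] != value:
                    conflicts.append((role, field, first, (domain, value)))
    return found, conflicts

if __name__ == "__main__":
    found, conflicts = find_contacts("www.toronto.nohats.ca",
                                     parse_records(SAMPLE_ZONE))
    print("levels with records:", [d for d, _ in found])
    for role, field, lower, upper in conflicts:
        print(f"{role}/{field}: {lower} disagrees with {upper}")
```

The candidate list for the sample name ends at `ca`, a name run by a different party than the zones below it, and the two levels that do carry records give different admin names with nothing in the data to say which one a consumer should trust.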