On Fri, Jun 27, 2008 at 11:11 PM, Roger Marquis <[EMAIL PROTECTED]> wrote: > On Fri, 27 Jun 2008, Christopher Morrow wrote: >> >> I'd point out that FastFlux is actually sort of how Akamai does >> it's job (inconsistent dns responses) > > That's not really fast flux. FF uses TTLs of just a few seconds with > dozens of NS. Also, in practice, most FF NS are invalid. Not that FF has > a fixed definition... >
;; ANSWER SECTION: www.yahoo.com. 24 IN CNAME www.yahoo-ht3.akadns.net. www.yahoo-ht3.akadns.net. 57 IN A 69.147.76.15 akamai, 60 second TTL's... most of the FF things I've seen sit around 300seconds for NS and for A records. either way, this is 60 seconds which is fast enough. http://en.wikipedia.org/wiki/Fast_flux that goes fairly well to what I was referencing as FF and Double-Flux. >> Domain tasting has solutions on the table (thanks drc for >> linkages) but was a side effect of some >> customer-satisfaction/buyers-remorse loopholes placed in the >> regs... > > The domain tasting policy was, if I recall, intended to address buyers of > one to a few domains, not thousands. Would be a simple matter to fix, in a > functional organization. > sure, policy by committee I think drc made some references to that process. It's taking time :( > Yes, sorry, DHS. :-) At least they are sensitive to security matters and > would, in theory, not be as easily influenced by politics as was the NSF. I'm not sure that a us-focused law/regulatory answer serves 'the tubes' very well. Certainly DHS can help make things useful inside the US-Govt. they may also be able to help advise, but implementation is left to the operators and policy folks in ICANN + registries + registrars. -Chris
