<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [anti-spam-wg@localhost] New spammer DNS trick


On Sun, 25 Jan 2004, der Mouse wrote:

> nepzzz.com is spamvertised.  Its registration specifies nameservers in
> nictxt.com.  nictxt.com has been taken over by its registrar,
> apparently for invalid contact info (and good for them).  But they
> didn't go quite far enough; while querying the gtld-servers.net servers
> for nictxt.com returns NXDOMAIN, querying them for nepzzz.com returns
> delegation NS records under nictxt.com _with glue A records_, thereby
> defeating the registrar's attempted removal of the domain.
 
> In each case, I sent a message suggesting that rather than just
> pointing it at their own servers, they point the domain at the names
> the spammers used (which require glue records) but supply glue pointing
> to the registrar's server(s), thereby getting the glue the spammers
> injected into the gtld-servers system replaced.

Shouldn't the Registries just not accept bogus glue instead? netpzzz.com
should never have NS/A glue for itself in the .com zone if it's using nictxt.com
nameservers.

Maybe Bill Gates's stupid comment about spam being dead in two years means 
Microsoft is going to roll-out their DNSSEC aware resolver soon? :)

Paul, dreaming...

 




<<< Chronological >>> Author    Subject <<< Threads >>>