Re: PAB I got the feathers, warm up the tar.

From: Dan Busarow (dan@dpcsys.com)
Date: Thu Oct 15 1998 - 19:19:33 PDT


On Fri, 16 Oct 1998, Robert F. Connelly wrote:
> As I listened to the day's testimonies in Stanford, it occurred to me that
> it would be possible for the registry to automatically PING to the domains
> of the Email addresses for Administrative Contact, Technical Contact,
> Billing Contact, primary and secondary DNS servers. (By "domains of the
> Email addresses" I mean if the Email address is "charlie@hometown.com",
> then PING "hometown.com.)

Sorry Bob, doesn't work that way. I'm sure you know that dan@dpcsys.com
is a good email address, try pinging dpcsys.com

There's no requirement that a domain have a DNS A record, and in
fact I generally do not assign one. "A" records are only assigned
to real hosts in that domain. If I do assign an "A" record it will
point at the web host for that domain, not the mailserver.

There are other failure modes too, but that's probably the most common.

> My original sample was 84. I selected 21 or 25% for analysis. One record
> had both DNS entries bad, one had one DNS name bad, ten had bad Email domains.

Check the name server records by doing a name lookup on the domain.
This is reliable (but NSI has resisted implementing it).

Pinging the name server is meaningless. Even if it answers it may
not be supplying name service for the domain.

> How could errors of this type affect us as CORE Registrars?
>
> Toward the end of the afternoon in Stanford, a representative of Cisco made
> this statement: "These problems with bad data only started in 1995 when
> NSI stopped *administrating* the registration process". He was referring
> to the fact that SAIC acquired NSI and then showed it how to turn domain
> name registration into a money machine.
>
> Think about that!

I'd lay the blame on the changing Internet population rather than any
change on NSI's part. To my knowledge NSI has never checked for lame
delegations. Pre '95, peer pressure kept things cleaner (though never
perfect).

> Put it in the context of the proposal by many speakers who proposed that
> registrants be required to designate the *registrar* to accept service of
> process:-{ Can you imagine what will go through the mind of the registrar
> when the first "hot potato" Summons arrives at his or her front stoop?
>
> Other speakers (I think AT&T was one of them) thought that 1. the
> registrar, 2. the registry and 3. ICANN or IANA should *all* be designated
> to accept service of process on behalf of the registrant. If and when that
> happens, registrars will want to have correct data!

The *only* way to verify an email address is to send mail to the address
and get a response. You could require a response to a "your new domain
is almost ready" message before completing the registration. That
could also be done for renewals. Further testing at shorter intervals
seems unlikely to fly.

Dan

-- 
 Dan Busarow, PAB Deputy Chair                                949 443 4172
 Dana Point Communications, a California corporation        dan@dpcsys.com
 Dana Point, California  83 09 EF 59 E0 11 89 B4   8D 09 DB FD E1 DD 0C 82



This archive was generated by hypermail 2b29 : Sun Jan 30 2000 - 03:22:36 PST