In message <D1AC4482BED7C04DAC43491E9A9DBEC381AA4361@bkexchmbx02.blacknight.local>, "Michele Neylon :: Blacknight" <michele@blacknight.com> wrote:

> On 27 Jun 2013, at 14:13, furio ercolessi <furio+as@spin.it> wrote:
>
>> Therefore the responsibility for terminating C&C domains lies on the registries, not on the DNS providers (that may not even exist).
>
> Not necessarily.
>
> If registries are going round the place pulling domains it causes headaches for registrars

Do you know what this is? ->.<-

Answer: World's smallest violin.

In short, any registrar who cannot cope with a reasonable action taken to defend the Internet from a botnet should get out of the business. The world does not revolve around them.

> - and the registries don't have a contract / agreement with the registrant

Correct, and in this context, that is a Good Thing, because it means that they can kill a C&C domain and they are not breaking any contract when they do so. So what is the problem?

> And I don't see how a domain can resolve without a DNS provider - that makes zero sense.

The criminals use hijacked machines of their own choosing (they usually have many to choose from) to supply whatever DNS they need. They have no reliance on traditional third-party suppliers of DNS, such as ISPs or registrars or dedicated DNS providers. (I suspect that this is what Furio was trying to say.)

>> The .AT and .LV cases have been two rather dramatic cases where the registries were sitting there doing nothing for a very long time, while the word spread among criminals that they were a 'safe haven'.
>
> That's highly defamatory.
>
> I don't think the managers of either ccTLD would appreciate anyone referring to them using that tone.

On this side of the pond, we have a saying... "If the shoe fits..."

>> Similar problems have then occurred in .PL and .RU as well.
>
> Again - broad sweeping statements.

Again, broadly true. I _personally_ have cataloged tens of thousands of crooked fake pharmacy domains, all registered under the .RU ccTLD.

> I'd take you more seriously if you referred to the current state of play and not some past issues that have been addressed

You really think that the problems with .RU have been "addressed"?? On what do you base this belief?

Regards,
rfg