Vixie declares war on domain name crooks
Bad news for domain name speculators?
Paul Vixie of the Internet Systems Consortium has plans to bring the equivalent of an anti-spam blacklist to the DNS itself.
The Response Policy Zones spec, drafted by Vixie and Vernon Schryver of Rhyolite, is designed to allow ISPs, for example, to block domains based on standardized reputation data.
In this blog post, Vixie writes that the next version of BIND will include the technology. ISC has also made patches available for those who want to test RPZ now.
This kind of technology has been available for mail servers for years, and can be found to an extent in desktop software and search engines, but RPZ would bake it into the DNS itself.
For users behind a recursive name server implementing RPZ, domains with bad reputations would either not resolve or would be redirected elsewhere.
It would not, however, provide a mechanism to wildcard non-existent domain data and bounce surfers to search/advertising pages. Many ISPs already do that anyway.
If you speculate at all in domain names, the opening paragraphs are probably the most interesting part of the post (my emphasis):
Most new domain names are malicious.
I am stunned by the simplicity and truth of that observation. Every day lots of new names are added to the global DNS, and most of them belong to scammers, spammers, e-criminals, and speculators.
I’m sure there’s a fair few law-abiding speculators reading this who won’t be happy being lumped in with criminals and spammers.
Luckily for them, Vixie said that the ISC will limit itself to providing the technology and the specification; it will not act as a reputation service provider.
The ISC is the Microsoft of the DNS, BIND its Windows, so we could expect a fairly broad level of adoption when the technology becomes available.
Vixie’s post, also published at CircleID, is well worth a read. If anything, it certainly goes a way to cement Vixie’s reputation as the grumpy old man of the DNS.
Recent Comments