-----BEGIN PGP SIGNED MESSAGE-----
While I agree with you, there are many of us who know that these
fast-flux hosts are malicious due to malware & malicious traffic
Oh, so we switched from 'the domain is bad because..' to 'the hosts using
the domain are bad because...' I wasn't assuming some piece of intel at
the TLD that told the TLD that 'hostX that was just named NS for domain
foo.bar is also compromised'. I was assuming a s'simple' system of
'changing NS's X times in Y period == bad'. I admit that's a might naive,
but given the number, breadth, content, operators of lists of 'bad things'
on the internet today I'm not sure I'd rely on them for a global decision
making process, especially if I were a TLD operator potentially liable for
removal of a domain used to process real business
Well, I don't think I ever implied that, but let's say that there
are certainly some fast-flux behavior (fluxing across multiple
administratively managed prefix blocks, NS fast-flux) which should
immediately raise a red flag.
Decisions based on those flags are policy issues -- whether or not
someone decides to take action upon only on that information or do
further research, is something that has to be determined by the
person(s) who detect the behavior, etc.
Having said that, most people don't even realize that fast-flux
- - ferg