Internic hosage (fwd)


> > I think the world is missing something (*). ".to" is the TLD registered to
> > Tonga. They are doing a nice line in registering domain names thank you.
> > Internic/NSI's whois server is not authoritative for them.

> Let's delve into the technical a bit, shall we? Host records are in place
> so that authorization info can be associated with the hosts that are
> registered as nameservers for a domain. One would expect that a host

Well arguably to prime glue records is the main point, which I think
you agree with below.

> registered with the Internic would at some point in time be listed as a
> nameserver on an Internic domain name registration.

> When a host is listed as a nameserver on an Internic domain name
> registration, e.g., it is listed in the Internic zone, i.e.
> .com, as a glue record. If your nameserver happens to resolve
> it will also learn the addresses from the glue records, thus if at some
> later point in time one of your customers attempts to access your nameserver will deliver the address learned from
> the glue record and will not query the domain nameserver.

Yes I am familiar with this, but...

> I don't know whether these people actually did hijack the address of or whether they were just preparing to do so. And I
> don't know whether more recent versions of BIND can ignore glue records
> which would mean that they only partially hijacked the host name.

> Of course the Internic web pages claim that a host record can only be
> changed by the technical contact of the domain in question. Since they
> have no record in their database of a technical contact for the
> question is, why did they allow this info to be registered in the first

... all I was saying is there is an innocent explanation for this I think.
Which is the domain owners got the original registration of the glue/host
record in there (which is unnecessary as it's a glue for a domain not
held at Internic - it should be a glue in .to or whatever), and this
could get in there because the Internic's glue record checking is/has been
broken for a long long while. They then changed their nameserver address.

I believe this to be likely because I have empirical evidence. We did this
foolishly a long while ago with the same result. I registered 2 domains, and, later,; As I had
already set up, foolishly I set it as the nameserver for This
is/was a bad bad thing to do as the code at the Internic barfed on this
and said the nameserver didn't exist (as it wasn't in an Internic domain). The
fix was for them to insert what is now known as a host record. Which they
did. Then we tried to change the IP address of But, lo
and behold, the old host record of course stayed there. In this instance
we couldn't modify it even when we tried. Sigh...

Substitute for and the above seems
remarkably similar. The only people doing DoS for at the
time with the Internic. It only took a few weeks to sort it out.

You are correct, however, that there are various sanity checks missing
from the host record stuff that *might* be able to be used as DoS. Probably
publishing them on NANOG is a bad plan.
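
An added example, not part of the original message: two sanity checks a registry could run over its host records, matching the situation described above (a host record for a name outside the registry's own zone, and a host record whose address no longer matches what the host's own zone serves). All host names, addresses and function names are constructed for illustration.

```python
# Added example: audit registry host (glue) records. All names and
# addresses below are constructed; none come from the original thread.

def in_bailiwick(host, zone):
    """True when host is the zone apex or a name underneath it."""
    host = host.lower().rstrip(".")
    zone = zone.lower().rstrip(".")
    return host == zone or host.endswith("." + zone)

def audit_host_records(zone, host_records, authoritative):
    """Return (host, problem) findings for one registry zone.

    host_records:  host name -> address stored at the registry (the glue)
    authoritative: host name -> address served by the host's own zone
    """
    findings = []
    for host, glue_ip in sorted(host_records.items()):
        if not in_bailiwick(host, zone):
            # Glue for a name the registry does not delegate; it belongs
            # in the host's own TLD zone, as the message points out.
            findings.append((host, "out-of-bailiwick"))
        auth_ip = authoritative.get(host.lower().rstrip("."))
        if auth_ip is None:
            findings.append((host, "no-authoritative-answer"))
        elif auth_ip != glue_ip:
            # Resolvers that cached the glue keep using the old address.
            findings.append((host, "stale-glue"))
    return findings

# Constructed sample data (documentation address ranges).
HOST_RECORDS = {
    "ns1.example.com": "192.0.2.1",
    "ns.example.to": "192.0.2.53",     # host under .to held in the .com registry
}
AUTHORITATIVE = {
    "ns1.example.com": "192.0.2.1",
    "ns.example.to": "198.51.100.53",  # owner has since renumbered
}

if __name__ == "__main__":
    for host, problem in audit_host_records("com", HOST_RECORDS, AUTHORITATIVE):
        print(f"{host}: {problem}")
```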