This is a coordinated hacking. (Was Re: Need help in flushing DNS) what point is the Internet a piece of infrastructure whereby we
actually need a way to watch this thing holistically as it is one system and
not just a bunch of inter-jointed systems? Who's job is it to do nothing but
ensure that the state of DNS and other services is running as it
should....who's the clearing house here.

The Internet: Discovering new SPOF since 1969!

:slight_smile: Thanks.

Perhaps we should setup a distributed system for checking things rather than
another SPOF. That's distributed both geographically and administratively
and using several code-bases.

In this context, I'd expect lots of false alarms due to people changing their
DNS servers but forgetting to inform their monitoring setup (either internal
or outsourced).

How would you check/verify that the communication path from the monitoring
agency to the right people in your NOC was working correctly?

I think ICANN would have to add a delay in where a request was sent out to
make sure everyone was on the same page and then what happens the couple
thousand (more) times a day that someone isn't updated or is

I think Netsol should be fined. Maybe even a class action suite filed
against them for lost business. And that's it.

Remember to consider the possible impact of a false-positive report over
an unauthenticated channel. Because if it's possible, somebody will try it,
just because they just want to watch stuff burn. :slight_smile:


I would be in favor of being able to pay two "competitive" to be
registrars for a domain, and assign them two roles:

"Registrar Primary"
and "Registrar Auditor"

With the requirement that all changes to the domain be initiated with
my "Primary Registrar",
AND no major change would be allowed to take effect until validated
by my secondary "change Auditor Registrar"

Including changes to NS records, DS records, contacts, unlocking,
renewal, deactivation, or transfers.

Essentially, forcing me to submit the same change to both registrars,
but denying either registrar the capability of forging authorization
or submitting changes that I had not authorized.

Also (in some measure) protecting me from identity theft, and other
security issues -- since there are now two accounts with two
providers, possibly with different authentication procedures.

So your contract with NetSol has an SLA guarantee in it, and you can
demonstrate that (a) said SLA has been violated and (b) that NetSol has not
made the contracted restitution?

"Registrar Primary" and "Registrar Auditor"

There are certainly registrars who are more security oriented than
Netsol. If you haven't followed all of the corporate buying and
selling, Netsol is now part of, so their business is more to
support web hosting than to be a registrar.

I expect that if you put your domain at Markmonitor or CSC corporate
domains, you would not have this problem, and you would pay

Hi Shawn.

Or you could vote with your feet, and wish then a "fine" g'day.


    John Souvestre - New Orleans LA - (504) 454-0899