[DNSfirewalls] domaincontrol?

Paul Vixie paul at redbarn.org
Tue Aug 27 10:27:33 UTC 2013



Jeff Chan wrote:
> You probably don't want to do that.  Domaincontrol is GoDaddy, who
> service many millions of legitimate domains.

you're probably right. but the engineering economics may favour a
whitelist approach, given that godaddy's success is linked to volume.
since this is my home resolver, i can wait to see if there's anything
'legitimate' according to my local policy that's served by that address
block. among the 1E6 names i glanced at, there was nothing but dreck.

merchandizeliquidators.biz. IN NS ns36.domaincontrol.com.
meridianretailsupplies.biz. IN NS ns36.domaincontrol.com.
metamorphosisnutrition.biz. IN NS ns36.domaincontrol.com.
miabellagourmetcandles.biz. IN NS ns36.domaincontrol.com.
michaelswindowcleaning.biz. IN NS ns36.domaincontrol.com.
michigancomputerrepair.biz. IN NS ns36.domaincontrol.com.
michigangolfconnection.biz. IN NS ns36.domaincontrol.com.
michiganmortgagebroker.biz. IN NS ns36.domaincontrol.com.
millenniumbrokerbanker.biz. IN NS ns36.domaincontrol.com.
millionairemasterclass.biz. IN NS ns36.domaincontrol.com.

these aren't legitimate by my local policy. the too-cheap-to-meter dns
sales model is not good for the (digital) environment.

vixie


More information about the DNSfirewalls mailing list