[TriLUG] OT: Router then Firewall

Jason Faulkner jason at oldos.org
Mon May 22 12:02:07 EDT 2006


> > 2) Neither Tanner nor Jon touched on who you actually need to contact to
> > update the information in the "whois" record.  There's a good buzzword
> > name for that company or entity, which I'm sure they both know, but
> > neglected to mention directly.
>
> As Ian mentioned, that would be your registry.  That used to be only
> Network Solutions but when the system was opened up for more
> registries they distributed the whois information.  Verisign (who bought
> Network Solutions), however, maintained control over the main root
> nameserver.  This is how, a couple of years ago, they started redirecting
> mistyped domain names that weren't registered to their own
> web page saying "buy this domain".  Instead of returning "unknown
> domain" to something like "unregistereddomainanme.com" they would
> return an A record for their web server.  This upset MANY people because
> it broke a LOT of assumptions, not the least of which was that an easy
> spam check is to see if the return address domain exists or not, and
> one of the main things to come out of that was an option in bind to
> delegate certain domains as "delegation only".  That is, bind, when
> it goes to a nameserver for a particular portion of a hostname, say "com"
> can be configured to only accept a delegation response (that is, a response
> that's like the ones above, "I don't know but ask this nameserver over there.").

It's also worth noting that a lot of things fail "harder" if the DNS
lookup fails. I know that my mailserver gives an instant bounce if the
DNS will not look up. This is why it's important to have redundancy in
your nameservers. It's beneficial for services to know that the server
for bob.org is SUPPOSED to be at 1.2.3.4, even if 1.2.3.4 is down
right now.


-- 
Jason Faulkner
http://oldos.org
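
Added example, not part of the original post or of BIND's code: a simplified model of the "delegation only" check described in the quoted text, applied to raw DNS responses. The reserved zone "test." stands in for "com", the rule in verdict() is an approximation of the behaviour, and all messages, names and addresses are constructed sample data.

```python
import struct

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def read_name(msg, off):
    """Decode the name at off, following compression pointers; return (name, next offset)."""
    labels, end = [], None
    for _ in range(255):                          # bounds malicious pointer loops
        n = msg[off]
        if n == 0:
            return ".".join(labels + [""]).lower() or ".", end or off + 1
        if n & 0xC0 == 0xC0:                      # compression pointer
            end, off = end or off + 2, ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or pointer loop")

def parse(msg):
    """Return (rcode, answer, authority); each RR is reduced to (owner, type)."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4          # skip QTYPE and QCLASS
    rrs = []
    for _ in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        rrs.append((owner, rtype))
    return flags & 0xF, rrs[:an], rrs[an:]

def verdict(msg, zone):
    """Assumed rule: from zone's servers accept only NXDOMAIN or a referral to a child zone."""
    rcode, answer, authority = parse(msg)
    if rcode == 3:
        return "NXDOMAIN"
    referral = any(t == 2 and o.endswith("." + zone) for o, t in authority)  # type 2 = NS
    return "REFERRAL" if referral and not answer else "FORCED-NXDOMAIN"

# Everything below is constructed sample data; no network I/O is performed.
def build(qname, answer=(), authority=(), rcode=0):
    rrs = b"".join(encode_name(o) + struct.pack("!HHIH", t, 1, 300, len(d)) + d
                   for o, t, d in (*answer, *authority))
    head = struct.pack("!6H", 0x1234, 0x8000 | rcode, 1, len(answer), len(authority), 0)
    return head + encode_name(qname) + struct.pack("!HH", 1, 1) + rrs

REFERRAL = build("www.example.test.", authority=[("example.test.", 2, encode_name("ns1.example.test."))])
WILDCARD = build("mistyped-name.test.", answer=[("mistyped-name.test.", 1, bytes([192, 0, 2, 1]))])
```

verdict(WILDCARD, "test.") yields FORCED-NXDOMAIN, so a sender-domain existence check behind such a resolver sees "unknown domain" again instead of the registry's A record.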

