Umm if the reply won't be off-topic, why do you think restricting access to the entire .nz zone file is a bad thing, and did you put in a submission on the recent policy review? There has been numerous examples of scammers using zone data combined with whois lookups to do mass spams and scams. Doing our bit to make this harder to do seems a good thing IMO. Yes DNSSEC is a good thing also. If I have to choose (and in fact have had to do just that) between DNSSEC and open slather on the zone file, then minimising the ability of scammers takes first priority. The last big scam using zone and whois data saw over NZ$500,000 sent to Australia. All the European ccTLDs (.uk and .de amongst others) are adamant that they also will not implement DNSSEC (as much as they would like to) uness there is a change in the protocol which won't allow people to access their zone files. I'm open for persuasion that the problems fixed by DNSSEC are a bigger threat than the scams made possible by zone access, but yet to see a convincing argument. And yes I know the zone itself doesn't give our registrants data, but it does give scammers a list of all valid entries, which makes it much much easier to get all the details through whois. DPF
-----Original Message----- From: Joe Abley [mailto:jabley(a)isc.org] Sent: Wednesday, 29 September 2004 3:47 a.m. To: Tim Nicholas Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] ns1,2,3,5.dns.net.nz hot being helpful
I'd AXFR the zones from each server and diff them, but of course I can't. Shame that. (If the poor thinking that drove that policy was removed, we might actually be able to deploy DNSSEC in New Zealand, too).
Joe
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog