[AusNOG] Telstra manipulating DNS to block botnets

[Rod Veith]

Quote "Surely contacting the domain registrars to get these domains taken
down is a better approach than altering dns records at the ISP end."

 

I wholeheartedly agree with you. Trouble is many overseas registrars do not
agree with us. Unless 'bad' registrars around the world are forced from the
business, the problem continues and continues to grow.

 

One personal example of mine. On a quiet day a few months ago I was tired of
some spam getting through filters so I identified the registrar for a spam
site that the spam email wanted me to visit. This registrar happened to be
in Turkey so I wrote a polite email to the registrar and attached the
offending spam email to my request for de-registration of the domain.
Thinking "that might fix the problem, if not, I'm no worse off" I moved on
to more productive work. 

 

I was WRONG, it got worse.  I now receive spam emails from Turkey!!! when I
never did before. I do not think this is a coincidence. Rightly or wrongly,
now my impression is that some registrars operate with little regard for the
general well-being of the industry and probably the laws of their own
country. 

 

While the move of serious organised crime into the internet needs addressing
and ISPs are concerned enough to take some action to protect customers from
criminals, this does then raise other important issues that if ISPs start
this process, then it opens the door to allowing other insidious evils such
as censorship or legal issues around 'duty of care' and probably more.
Telstra may be able to claim they are merely doing what is necessary to
protect their own ISP network but not being a lawyer I do not know if that
is sufficient or even a valid claim.

 

Me looks ahead and sees a gentle slippery slope starting here. 

 

I'm thinking the correct and best approach (and probably harder) is to sue
registrars for failing in their responsibilities and leave 'tampering of
DNS' alone.

 

Rod



From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Martin - StudioCoast
Sent: Thursday, 14 June 2012 4:55 PM
To: AusNOG at lists.ausnog.net
Subject: [AusNOG] Telstra manipulating DNS to block botnets

 

http://www.computerworld.com.au/article/427613/telstra_trial_detects_5_4_per
_cent_botnet_infection_rate/
<http://www.computerworld.com.au/article/427613/telstra_trial_detects_5_4_pe
r_cent_botnet_infection_rate/#closeme> 

Surely contacting the domain registrars to get these domains taken down is a
better approach than altering dns records at the ISP end.
I guess this leads to a question to all network operators of Australian
ISPs, do you modify DNS records in your cache and if so what for?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120614/96102a82/attachment.html>