Verisign Speeds Up DNS Updates 131
Changeling writes "According to Matt Larson, a representative of VeriSign Naming and Directory Services, on September 8, 2004 Verisign will be switching from performing 2 updates per day of the .com and .net zones to performing updates every few seconds. According to Matt, 'After the rapid DNS update is implemented, the elapsed time from registrars' add or change operations to the visibility of those adds or changes in all 13 .com/.net authoritative name servers is expected to average less than five minutes." Full story can be found here."
Censorship? (Score:5, Interesting)
The bad part: if someone gets Verisign to shut off your DNS, your site goes dark before anyone knows what happened. It's a lot harder for anyone to mirror it when the news starts breaking.
Spammer's Delight... (Score:5, Interesting)
Will rapid DNS updates impact SPAM?
Verisign anticipates negligible increases in SPAM as a result of more frequent updates to the
Translation: When a spamvertized site is unpluged by hosting company X, the spammers can quickly redirect their domain to point at their new server at hosting company Y...
In the cat and mouse game that is spamming, the mice have just gotten an ability to flee faster.
Re:Censorship? (Score:4, Interesting)
Censorship concerns usually go at the ISP to pull down the content altogheter, as afterall it most likely would still be available by IP address anyway.
It's in a trademark case that the owner of the trademark might seek to overtake a domain from somebody they don't like. In that case, the publisher can simply repost their content under another domain, or direct people to the IP address and forget about DNS.
Re:Yet another Y2038 problem (Score:3, Interesting)
The solution is to have zone transfer clients transfer the zone regardless of whether the serial number has increased or decreased; this is why DJB's axfr (zone transfer) client does.
Overview for people who don't know DNS: The serial number is used in automated transfers of DNS information to determine whether the information has been updated. If the integer has been increased since the last update, the client knows to to transfer all of the information again. The number is a 31-bit unsigned integer, which means the use of a Unix timestamp for this number will expire in 2038.
WHOIS (Score:1, Interesting)
All it takes is one or two people to file a claim with ICANN or your registrar that your whois info is wrong and many registrars such as GoDaddy and Dotster will pull the domain away no questions asked and then point to ICANN rules as a scapegoat.
I've heard of times where people got their domain yanked because the phone line was being disconnected for like a day during a phone company outage and that was enough for the domain to be taken.
So yes, censorship is very alive and well and it doesn't have to target your hosting provider.
The best way to combat this problem is to get a domain registrar that actually respects the customer and gives them a chance to update information that they might have forgotten to update or to simply explain is valid but that there are circumstances such as you not being home 24/7 to answer your phone and what not. GoDaddy and DOTSTER are definitely not companies you want to do business with if you don't want your domain to be yanked unjustly at random.
Verisign doesn't do ANYTHING benevolently (Score:3, Interesting)
There are some obvious, immediate benefits with issues like this. Systems can more quickly route around outages and DDOS attacks.
However, I'm highly suspect that Verisign came up with this idea without some self-interest at the heart of it.
Why do I have this feeling that, any non-Verisign registrar won't get their updates reflected in the root servers as quickly as Verisign's own customers?
Re:"A little-known DNS behavior called credibility (Score:3, Interesting)
So for all secure DNS resolvers, TTL will still be 48 hours until Verisign works out a way to let people update it themselves.