[gtld-tech] Delegated strings: WHOIS & SLAs...
Rubens Kuhl
rubensk at nic.br
Thu Nov 21 02:25:20 UTC 2013
On Nov 20, 2013, at 8:00 PM, John Levine <johnl at taugh.com> wrote:
>> Yep - you're only allowed SOA, apex NS, glue, DNSSEC records and
>> delegations - nothing else.
>
> That's at the apex of the TLD.
>
> By my count _whois._tcp.tld is two levels down.
>
> R's,
> John
>
> PS: What threat model do people believe is enabled by _tcp?
Include namespace collisions in the mix and you could possibly divert corporate infrastructure to rogue servers.

http://www.icann.org/en/about/staff/security/ssr/name-collision-02aug13-en.pdf
http://forum.icann.org/lists/comments-name-collision-05aug13/pdfOPzpyE9PtF.pdf

Name includes _ldap or _kerberos at the lowest level:
  _ldap._tcp.dc._msdcs.<etc.>
  _kerberos._tcp.dc._msdcs.<etc.>

Name includes _sip, _sipinternal, _sipinternaltls, _sipfederationtls, or _sips at the lowest level:
  _sip._udp.<etc.>

Rubens
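
Added example, not part of the original post: a defender-side check that scans resolver egress logs for the service-discovery names listed above when they sit under a TLD string the organisation uses internally. The log format, the sample lines and the internal TLD set are constructed assumptions; the service labels are the ones named in the message.

```python
from collections import namedtuple

# Leftmost ("lowest level") labels listed in the post.
SERVICE_LABELS = frozenset({
    "_ldap", "_kerberos", "_sip", "_sipinternal",
    "_sipinternaltls", "_sipfederationtls", "_sips",
})

Hit = namedtuple("Hit", "client qname service")

def find_collision_risks(log_lines, internal_tlds):
    """Return service-discovery queries whose rightmost label is an
    internally used TLD, i.e. lookups that would be answered from the
    public DNS if that string were delegated."""
    tlds = {t.lower().strip(".") for t in internal_tlds}
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:              # skip malformed lines
            continue
        _ts, client, qname, _qtype = fields
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 2:               # a bare TLD carries no service label
            continue
        if labels[0] in SERVICE_LABELS and labels[-1] in tlds:
            hits.append(Hit(client, ".".join(labels), labels[0]))
    return hits

# Constructed sample: "timestamp client qname qtype" (hypothetical format).
SAMPLE_LOG = """\
2013-11-21T02:00:01Z 10.0.0.5 _ldap._tcp.dc._msdcs.ad.corp. SRV
2013-11-21T02:00:02Z 10.0.0.5 www.example.com. A
2013-11-21T02:00:03Z 10.0.0.9 _kerberos._tcp.dc._msdcs.AD.CORP SRV
2013-11-21T02:00:04Z 10.0.0.7 _sip._udp.voice.intranet. SRV
2013-11-21T02:00:05Z 10.0.0.7 _sipfederationtls._tcp.example.org. SRV
2013-11-21T02:00:06Z malformed
""".splitlines()

# Assumption: TLD strings used on the internal network (constructed values).
INTERNAL_TLDS = {"corp", "intranet"}

if __name__ == "__main__":
    for hit in find_collision_risks(SAMPLE_LOG, INTERNAL_TLDS):
        print(f"{hit.client} leaked {hit.service} lookup: {hit.qname}")
```
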