If you read the comments, you'll note that they didn't even get the 'take-over' right.

In fact, the M$ servers listed as 'authoritative' tried to implement a selective forwarding/proxy service, since they didn't have the zone data.  This is non-trivial.  The DNS is not architected for meddling, and as many who have tried to implement load balancers, typo-trappers, ad inserters and other forms of meddling have found out, 'there be dragons there'.

Now imagine such an attempt in a DNSSEC-secured domain.  Or one of those new TLDs.  How about .ru or .cn (hotbeds of crime)?  Or the biggest source of crime - .com?

Botnets certainly are a menace, and deserve attention.  However, attacking the DNS seems to be in vogue as it's the thing best known to the law enforcement community.  As this case shows, many innocent users of no-ip had their operations disrupted.  And the fixes aren't trivial for them.  Consider the one in the comments who uses X.509 certificates for security (a good thing), and was told 'just get another domain name'.  And re-issue all certificates to his users.  Oh, and by the way, if the technical person is traveling when this happens, oops, there's no way to make the server-side changes.

A more reasonable approach would have been to monitor the traffic to the botnet hubs and black-hole route the infected IP addresses.  That would have required some technical sophistication and work.  But it was easier for LEO/M$ to attack the DNS -  there being no penalty for collateral damage. 

"When the only tool one has is a hammer, every problem looks like a nail"; er, um, 'When the only part of the internet that is well known is the DNS, attacking is the solution to all ills.'  The LEOs/courts know about the DNS...

All of the DNS community - not just NCSG - should be up in arms about this.  LEOs need to be educated.  Better methods for going after the miscreants/criminals need to be developed.  And the DNS needs to be defended from these sorts of well-intentioned, but technically incompetent attacks made in the name of fighting crime.  Crime fighters should adopt the Hippocratic oath... "First, do no harm."

Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 
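[Editor's note: the following is an added illustration, not part of the thread. It models the point made above about a selective forwarding/proxy 'take-over' in a DNSSEC-secured domain: a forwarder that has neither the zone data nor the zone's signing key can pass innocent names through untouched, but any answer it rewrites (here, sinkholing a targeted hostname) fails validation and a validating resolver returns SERVFAIL, while a non-validating resolver silently accepts the rewrite. The zone, names, addresses (RFC 5737 documentation ranges) and blocklist are constructed; the HMAC "signature" is a stand-in for a real RRSIG (which uses an asymmetric DNSKEY/DS chain) so the code runs offline with the standard library.]

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample zone using RFC 5737 documentation addresses; not real no-ip data.
RECORDS: Dict[str, str] = {
    "home.no-ip.example.": "198.51.100.10",  # an innocent dynamic-DNS user
    "c2.no-ip.example.":   "203.0.113.66",   # a hostname the court order targets
}
SINKHOLE = "192.0.2.1"  # where the filtering forwarder points blocked names

# Stand-in for the zone's DNSSEC private key. Real DNSSEC signs RRsets with an
# asymmetric key (RSA/ECDSA/Ed25519) and resolvers verify via DNSKEY/DS; an HMAC
# is used here only so the example runs offline. The property modelled is the
# one that matters: only the zone owner can produce a signature that validates.
ZONE_SIGNING_KEY = b"zone-private-key (constructed)"


def rrsig(name: str, rdata: str, key: bytes) -> str:
    """Stand-in RRSIG over a single A record (canonical 'name IN A rdata')."""
    msg = f"{name} IN A {rdata}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


@dataclass
class Answer:
    name: str
    rdata: Optional[str]  # None means NXDOMAIN
    sig: Optional[str]    # None means an unsigned answer


class Authoritative:
    """The real zone: has the data and the key, so it can sign everything."""

    def __init__(self, records: Dict[str, str], key: bytes) -> None:
        self.records = records
        self.key = key

    def query(self, name: str) -> Answer:
        rdata = self.records.get(name)
        if rdata is None:
            # Real DNSSEC would return a signed NSEC/NSEC3 denial; omitted here.
            return Answer(name, None, None)
        return Answer(name, rdata, rrsig(name, rdata, self.key))


class FilteringForwarder:
    """Models the servers the thread calls 'authoritative': no zone data and no
    key, so they forward to the real zone and rewrite answers for blocked names."""

    def __init__(self, upstream: Authoritative, blocklist: Iterable[str]) -> None:
        self.upstream = upstream
        self.blocklist = set(blocklist)

    def query(self, name: str) -> Answer:
        ans = self.upstream.query(name)
        if name in self.blocklist:
            # Rewrite to the sinkhole. Without the zone key the forwarder cannot
            # re-sign, so the upstream signature no longer covers the data.
            return Answer(name, SINKHOLE, ans.sig)
        return ans


def validate(ans: Answer, key: bytes) -> str:
    """A validating resolver's verdict: 'secure', 'bogus' or 'nxdomain'."""
    if ans.rdata is None:
        return "nxdomain"
    if ans.sig is None:
        return "bogus"
    if hmac.compare_digest(ans.sig, rrsig(ans.name, ans.rdata, key)):
        return "secure"
    return "bogus"


def resolve(name: str, server, validating: bool) -> Tuple[str, Optional[str]]:
    """Return (verdict, address the client ends up using)."""
    ans = server.query(name)
    if not validating:
        # Plain resolver: accepts whatever arrives, so the rewrite is invisible.
        return ("insecure", ans.rdata)
    verdict = validate(ans, ZONE_SIGNING_KEY)
    # Validating resolvers answer SERVFAIL for bogus data: the client gets nothing.
    return (verdict, ans.rdata if verdict == "secure" else None)


def build_forwarder() -> FilteringForwarder:
    """The court-ordered setup: real zone behind a filtering proxy (constructed)."""
    return FilteringForwarder(Authoritative(RECORDS, ZONE_SIGNING_KEY),
                              blocklist=["c2.no-ip.example."])


if __name__ == "__main__":
    fwd = build_forwarder()
    for n in list(RECORDS) + ["nothere.no-ip.example."]:
        print(n, resolve(n, fwd, validating=False), resolve(n, fwd, validating=True))
```

The innocent name resolves and validates through the proxy; the targeted name is quietly sinkholed for non-validating resolvers but comes back bogus (SERVFAIL) for validating ones, since the proxy can filter but cannot sign.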
On 08-Jul-14 11:31, Seun Ojedeji wrote:
Hello Timothe,

Thanks for bringing this up here; when I first read the news of Microsoft hijacking the no-ip domain, the first technical question that came to mind was: is Microsoft now some form of a hacker, because I was just wondering how they took over without any form of authorisation from the domain owner. However, I guess the section below from your URL clears it for me:

Under the terms of the court decision, the DNS lookups for the domains were passed to Microsoft's name servers, with the plan being that Redmond would filter out No-IP subdomains linked to malicious activity and let legitimate subdomains resolve as expected.

Having cleared the technical side of the story, the question now is whether no-ip should be bound to respond to such a call from Microsoft, especially since it's not an act of no-ip itself but of its users. One could liken this to running botnets on systems that exist on a large ISP network to attack a particular organisation. Does the victim sue the ISP or the users who don't even know they are botnet nodes?

Cheers!


On Tue, Jul 8, 2014 at 3:51 PM, Timothe Litt <[log in to unmask]> wrote:
I haven't been following things here for a while, so sorry if this has
already been noticed.

If not, here's a case of judicial interference with the DNS, coupled
with incompetent 'solutions'.

This is highly relevant to the ncsg constituency as many non-commercial
users live with dynamic IP addresses, using services such as no-ip to
have stable names in the DNS.

Of course, our terms of membership can be read to exclude these users -
but note that there's nothing to prevent a similar action being taken
against direct holders of domain names...

Here's the story:
http://www.theregister.co.uk/2014/07/01/sorry_chaps_microsoft_unborks_legitimate_noip_users_domains/

The comments provide more detail - which for technical readers is tragic.

--
Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.

--
------------------------------------------------------------------------
Seun Ojedeji,
Federal University Oye-Ekiti
web:      http://www.fuoye.edu.ng
Mobile: +2348035233535
alt email: [log in to unmask]

The key to understanding is humility - my view !