New Nominet drop catching flaw revealed?

[KarlM]

What a shambles. probably leaving it so they have more justification for there cash cow auctions.

 

[bluerock]

If Nominet are giving you more quota than they should I can't blame anyone for using it

If I went to McDonalds and ordered regular fries and they gave me large fries I'd keep them

 

[Lovekraft]

complete farce, does anyone know how long it has been around for? convenient timing indeed for a certain consultation.

This is basic stuff, how can they not have this fixed already if it's been reported?

 

[Aaron Clifford]

This is basic stuff, how can they not have this fixed already if it's been reported?

Nominet.

 

[Aaron Clifford]

Here comes a horrendous few weeks of the big multi taggers hoovering everything up.

 

[Lovekraft]

If I went to McDonalds and ordered regular fries and they gave me large fries I'd keep them

The difference is if Mcdonalds give you big fries by mistake it's not breaking any rules, it was just a mistake.

 

[super-whois]

The difference is if Mcdonalds give you big fries by mistake it's not breaking any rules, it was just a mistake.

Indeed, it's like going back to the counter and claiming you didn't get any fries, i.e. FRAUD.

 

[lazarus]

Bring back Jay Daley.

Just checked the bio of Jay Daley... Impressive.
https://datatracker.ietf.org/person/Jay Daley

We seem to have Arthur Daley running it at the moment...

 

[Nigel]

Just checked the bio of Jay Daley... Impressive.
https://datatracker.ietf.org/person/Jay Daley

We seem to have Arthur Daley running it at the moment...

That's a bit unfair on Arthur Daley!

 

[super-whois]

I remember seeing some odd behaviour on the usage command about a year ago, but I didn't investigate it at the time, so it's possible it has been a problem for some time.

An interesting follow up:
https://www.greywing.uk/the-blog/new-catching-flaw-part-2

So was the old caching flaw still available on the Time Delay DAC, and doubling your quote helped in using this?

 

[Nigel]

worrying to think that Nominet have been entrusted with helping provide the UK's national cyber security defence yet can't fix a simple flaw:

'Nominet was brought in by the UK Government to deliver a vital part of the National Cyber Security Centre's Active Cyber Defence programme, Protective DNS. That expertise is now being deployed around the world as governments seek to protect their networks.'

https://www.nominet.uk/cyber-security/

 

[domainseller200]

It always amazes me when anyone actually thinks that Nominet give a shit about anything at all coming from domainers...

 

[Aaron Clifford]

It always amazes me when anyone actually thinks that Nominet give a shit about anything at all coming from domainers...

I agree, all the complaining in the world has made no difference in the 8/9 odd years I've been involved with Nominet.

 

[webber]

i reported this to Nominet weeks back, initially, you didn't need ipv6... There was a rouge server active in the cluster therefore due to a round-robin config on their LB's... all you needed to do was reconnect 4-5 times to land on the rouge server which would give you double quota.. and when you team this with TDDac you had 4 x the quota... I reported that to them and they fixed it but appear to have broken ipv6 in doing so... i also reported the IPV6 issue to them about a week or so ago so who knows why its been left in tact.

I have seen something similar in Jan/Feb
I used my quota in half a day, then my server kept trying to reset the DAC connection and after some attempts I got a fresh new quota for some reason. The IP stayed the same. Don't know what happened, I couldn't replicated.

 

[BG]

 

[Murray]

Too long the U.K. namespace has been restricted to the coding competent.

God forbid hard work and talent be rewarded

 

[Murray]

If it was fair, people wouldn't have to use hard work and talent to compete.

This is a equal opportunity vs equal outcome argument

Footaballers are paid so well because their talent draws thousands of people to a stadium and millions of people to watch at home

Choose 22 random people from around the country to have a football match who is going to pay to watch? you turn something of value into nothing

A lottery system for domains would be completely fair but benefit everyone and no one at the time, when the mumsnet or moneysavingexpert forum type people got wind of it you would have tens of thousands of entries for each obviously valuable domain

Your chances of getting a good domain are the same as everyone else, practically none

The .uk release system is now totally fair with no pesky barriers like talent but also now completely worthless, that is not a step forward that is just destruction of value

 

[Murray]

I agree wholeheartedly with you. I don't think a lottery system is a way forward.

"Too long the U.K. namespace has been restricted to the coding competent, or those with money to invest in"

If no coding and no money (so not auction) what is left but a lottery?

 

[Siusaidh]

This is the UK's namespace. Something we should be proud of, for its values, its efficiency, its security. I don't have a problem with talent, skills, and hard work being rewarded - in fact I admire it.

I don't think the onus is on domain catchers to be little Lord Fontleroys, because I don't think you can expect that human nature will operate that way. We can't expect everyone to be selfless and noble and report gaps and flaws to Nominet at the earliest opportunity. Not everyone will. That's just reality.

Rather:

The *onus* is on Nominet to run a system that runs equally and fairly for all, and as a firm invested in cyber security, the onus is on them to ensure their systems are resilient, and that flaws cannot be gamed.

It seems frankly incredible that these flaws (if reports are correct, which it looks like they are) have been allowed to run unresolved over long periods of time. In the NHS, if I confront a problem outside my skillset, I don't just leave the patient to die: I call in a specialist to deal with the situation.

It is disappointing that flaws occur in a system that is part of our vital national infrastructure. That system resilience and security is Nominet's first absolute imperative, or else the government needs to call in their mandate to operate. However, random errors occur in all areas of life.

The real concern that disturbs me is if these flaws were flagged up, and month or months later the flaws have not been shut down. That would be astonishing neglect. It also means people gaming the system are harming and damaging many other Nominet members.

As a cyber security company - which is how Nominet claims to be diversifying - it is almost hard to believe that they have not been able to deal with flaws that have been flagged up. After all, what possible motive could they have for letting their own systems fall prey to chaotic circumvention? I'll leave that question for others to reflect on - because on the surface it doesn't make sense.

 

[super-whois]

What @Siusaidh said is spot on. I would expect a "world leading registry" to be proactive on security and prevention of gaming the system. What we see is certainly neglect.