ICANN Email List Archives

[gnso-ff-pdp-may08]



[gnso-ff-pdp-may08] RE: Dynamic DNS

  • To: Paul.Stahura@xxxxxxxx
  • Subject: [gnso-ff-pdp-may08] RE: Dynamic DNS
  • From: Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>
  • Date: Sat, 18 Oct 2008 12:31:38 -0700

Hi Paul!

#A number of registrars and other service providers (http://www.dynip.com/ is
#one) provide a "Dynamic DNS" service, whereby a domain name points to a
#(usually) home computer's IP which has a dynamic IP.  The DNS entry would have
#a low TTL.  When the IP changes the DNS is updated with the new IP.  Users 
#can then host a website on a computer with a Dynamic IP.

Yep, familiar with the service (I have some friends who use it, in fact).

Let me also emphasize that at least from my point of view, low TTLs, in and
of themselves, are NOT ipso facto evil nor prima facie evidence that a domain
is fast flux. As I've previously mentioned, some rather well established
entities (like the military) routinely use low TTLs to ensure that they have
flexibility to respond to DDoS and other network attacks, and just like
them, while your customers may have low TTLs, they don't seem to actually
move around across all that many IPs. 

#I don't see this service listed in the "Legitimate uses of fast flux" section.
#I haven't read all the messages on this list. Is it not listed because it's not
#"fast-flux" because the changing IP usually spans just a single ASN (and not
#multiple ASNs)? 

Correct. I think most operational folks would tease out dynamic DNS service 
of the sort you describe on several bases:

-- as you note, while the IPs associated with a domain name change, they tend
   to change within a single ASN, and typically not at an observed level
   seen in conjunction with fast flux hosts

-- the dynamic DNS service user tends to have domain names which point to 
   just a single dotted quad at any given time (unlike a fast flux domain,
   which might point at ten or twenty hosts on multiple continents and 
   multiple providers at any given moment)

-- you (and virtually all dynamic DNS providers) have real whois info

-- your customers aren't using your facilities for substantively unlawful 
   purposes

-- the services that provide this type of facility are well known in the
   operational anti-abuse community, with virtually all being scrupulous 
   when it comes to dealing with any abuse issues (nice example of when
   whitelisting makes a lot of sense)

#If so, I think that is a small distinction so it should be listed to avoid 
#confusion that a Dynamic DNS service is somehow illegitimate. 

It can be an act of some labor to "list all the animals that aren't animal
<foo>," but if folks are nervous that they might be mistaken for a
tangentially similar animal, I certainly wouldn't object to adding
clarifying language distinguishing dynamic DNS providers from fast 
flux'ers. Would the comments above, perhaps combined with Jose's remarks,
address your concerns if Marika could find some place to slot them in?

How would other folks feel about adding a chunk of text distinguishing 
dynamic DNS from fast flux?

Regards,

Joe

Disclaimer: all opinions strictly my own
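
The distinctions listed in the message above, turned into a small passive-DNS check as an added example (not part of the original message). The thresholds, the whitelisted zone and the sample observations are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Thresholds are assumptions for this sketch; the message gives no exact numbers.
LOW_TTL = 300             # seconds; at or below this counts as a "low TTL"
FLUX_MIN_CONCURRENT = 5   # A records at one moment (message: "ten or twenty")
WHITELIST = ("ddns.example",)  # hypothetical zone of a known dynamic DNS provider

@dataclass(frozen=True)
class Snapshot:
    """One resolution of a name: the TTL seen plus the (ip, asn) pairs returned."""
    ttl: int
    answers: tuple

def profile(snapshots):
    """Summarise the features the message uses to tell the two cases apart."""
    return {
        "low_ttl": all(s.ttl <= LOW_TTL for s in snapshots),
        "max_concurrent": max(len(s.answers) for s in snapshots),
        "distinct_ips": len({ip for s in snapshots for ip, _ in s.answers}),
        "distinct_asns": len({asn for s in snapshots for _, asn in s.answers}),
    }

def classify(name, snapshots):
    """Label a name from repeated lookups; a low TTL alone never means fast flux."""
    if not snapshots:
        return "no-data"
    if any(name == z or name.endswith("." + z) for z in WHITELIST):
        return "whitelisted-provider"
    p = profile(snapshots)
    if not p["low_ttl"]:
        return "not-low-ttl"
    # One address at a time, moving inside one ASN: the dynamic DNS pattern.
    if p["max_concurrent"] == 1 and p["distinct_asns"] == 1:
        return "dynamic-dns-like"
    # Many addresses at once, spread over several ASNs: worth a closer look.
    if p["max_concurrent"] >= FLUX_MIN_CONCURRENT and p["distinct_asns"] > 1:
        return "fast-flux-candidate"
    return "low-ttl-only"

# Constructed observations (documentation IP ranges and documentation ASNs).
HOME = [Snapshot(60, (("192.0.2.%d" % i, 64500),)) for i in (10, 57, 131)]
FLUX = [Snapshot(120, tuple(("198.51.100.%d" % (r * 10 + i), 64501 + i % 4)
                            for i in range(10))) for r in range(3)]
STEADY = [Snapshot(30, (("203.0.113.5", 64510), ("203.0.113.6", 64510)))] * 4
```
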


