This very interesting document was released by ICANN's Generic Names Supporting Organization (GNSO) for public comment yesterday. And it asks some fundamental questions while at the same time pointing to sources such as the Honeynet Alliance's reports on fast flux.
It also points out the benefits of "legitimate" fast flux — such as its use by content distribution networks, or by DDoS protection systems. An additional use is of course a simple attempt at using multiple A records with short (< 1 minute) TTL in a basic attempt to load balance.
It would be interesting to see what registries and registrars can do to suppress malicious fast flux — such as due diligence to prevent fraudulent registration of domains (most if not all malicious fast flux domains are registered using stolen cards, and chargebacks of course hurt registrars far more than the revenue from these, or at least I hope so), and proactive action by registries to block registration of fastflux domains.
A lot of the fast flux domains also — it must be noted — use Whois privacy as a default where it is available (and some registrars have a very bad habit of inserting absolutely fake addresses into the Whois records, for Whois privacy — where others list their own business address and a clear note on the nature of this Whois privacy). Some of that ugly mess of a discussion is quite likely to be relevant here as well.
Questions that get asked in the report — some are quite probably rhetorical, and most of these do have suggested answers in the report — are below:
By Suresh Ramasubramanian, Architect, Antispam and Compliance
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines