North American Network Operators Group

Re: AW: Odd policy question.
Foolish me. Indeed all that is required is a way to detect that the
delegation is lame (hopefully in a secure fashion) and remove the lame
delegations. Of course that does leave the problem of what to do if all
of the delegations are lame, as Randy has alluded to.

-Jeff

Randy Bush wrote:
>>As an engineer, I believe we would need a protocol that would
>>permit someone to query an IP address to ask what DNS domains
>>it may be an NS for.
>
> this addresses neither the issue of longevity nor that of
> whether it is authoritative for a particular domain which
> is proposed to be, or has been, delegated to it.
>
> and please note that delegation is not to an ip address, but
> rather to an fqdn. the only time the two are bound is when a
> delegatee is within the zone being delegated, so the delegator
> needs to insert a glue a rr.
>
> i run a very small registry for some cctlds. my scripts do
> specifically check that all servers to which a delegation is
> proposed are actually serving the zone, and will not delegate
> if they are not. i also check for 2182 compliance in a crude
> manner. i also check that the ns rrset held by the servers is
> that to which delegation is requested.
>
> i would gladly re-run the delegation checks against the zone
> files periodically. but i do not as i don't know what to do
> when (not if) i find lamers. it seems a bit drastic to just
> remove delegation. but i know from experience that email to
> the pocs will get no useful response.
>
> randy
>

-- 
=============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
[email protected]
============================================================================
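The two delegation checks described in the quoted message (each proposed server is actually serving the zone, and the NS RRset it holds is the one for which delegation is requested), as an added example that is not part of the original thread and not anyone's registry scripts. It classifies raw DNS replies to an NS query for the zone; the zone and server names used with it, the status labels, and build_response (which constructs sample replies) are assumptions, and the RFC 2182 check is not covered.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (fqdn, offset after it)."""
    labels, end = [], None
    for _ in range(128):                          # bounds pointer loops
        n = msg[off]
        if n == 0:
            return ".".join(labels).lower() + ".", end or off + 1
        if (n & 0xC0) == 0xC0:                    # compression pointer
            end, off = end or off + 2, ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def parse_ns_response(msg):
    """Return (AA flag, rcode, NS targets in the answer section)."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, targets = 12, set()
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4          # skip QTYPE and QCLASS
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 2:                            # NS record
            targets.add(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return bool(flags & 0x0400), flags & 0x000F, targets

def check_delegation(requested_ns, responses):
    """responses: lowercase dotted FQDN -> raw NS reply for the zone, or None."""
    want = {n.lower().rstrip(".") + "." for n in requested_ns}
    report = {}
    for server in sorted(want):
        raw = responses.get(server)               # None: server did not answer
        aa, rcode, ns = parse_ns_response(raw) if raw else (False, 0, set())
        report[server] = ("no-response" if raw is None else
                          "lame" if rcode or not aa else   # not serving the zone
                          "ok" if ns == want else "ns-mismatch")
    return report

def build_response(zone, ns_names, aa=True, rcode=0):
    """Constructed sample reply (names without trailing dot), owner compressed."""
    enc = lambda n: b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x8000 | (aa << 10) | rcode, 1, len(ns_names), 0, 0)
    msg += enc(zone) + struct.pack("!HH", 2, 1)
    for rd in map(enc, ns_names):
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 3600, len(rd)) + rd
    return msg
```

In real use the replies would come from sending a non-recursive NS query for the zone to each proposed server; a reply without the AA bit or with a non-zero rcode is reported as lame.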