TLD .ES screw up

• Previous message (by thread): TLD .ES screw up
• Next message (by thread): TLD .ES screw up
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I think you're wrong. Last time we had to change .es delegation one and
> a half years ago, we had to sent a normal template to hostmaster at internic.net

when i first saw this problem i thought that it was due to a delegation
change, but it later turned out to have been due to a glue change.  if
it had been due to a delegation change, iana would still be your only line
of recourse since templates concerning TLD's are reviewed and processed by
the IANA before being handed back to the InterNIC (currently NSI) for
publication.  since it was due to a glue change, you're right that the
erroroneous information was not seen or approved by IANA in this instance.

> But InterNIC also make changes to hosts where domains are delegated which
> seem to be the cause of this problem. Someone made a wrong "host template"
> request for one of the secondaries of .es (ns.eunet.es) changing its name
> and IP address, which had the effect of changing the delegation of the .es
> zone.

right.  i think that all hosts who are listed as nameservers for any TLD
ought to be "locked" such that IANA has to approve any changes to them, but
i don't believe the InterNIC's software has that capability at the moment.

> For what I understand, InterNIC is admiting hosts templates for
> domains which are not under .com .org .net, etc. (the TLDs under his
> management) and placing glue records for them in the DNS. Am I right?

Yes.

> If this is such, I don't think this is correct. If someone wants a
> domain under .com to be delegated in a server under .es they shouldn't
> place glue records for this nameserver (the same way we don't place
> glue records for nameservers of .es domains delegated into .com NSs).

Glue should ideally be verified against authoritative data, and rejected if
it does not match.  A future version of BIND will support that capability.

> The only glue records they should have for NSs under .es are the
> ones in which the TLD .es is being delegated and those should be admited
> only if included in the TLD delegation (or change of delegation) request.

I tend to agree.

• Previous message (by thread): TLD .ES screw up
• Next message (by thread): TLD .ES screw up
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]