Will reverting DNS wildcard have any adverse effects?

Piotr KUCHARSKI chopin at sgh.waw.pl
Sat Oct 4 22:50:56 UTC 2003


On Sat, Oct 04, 2003 at 12:39:21PM -0700, bmanning at karoshi.com wrote:
> > So you are questioning the "type delegation-only" functionality? Then
> > it's a wrong address, stupidity will always be the biggest problem in
> > the universe.
> in a word, YES. and there have been/are lots of folks 
> who fall into the trap of either "stupidity" or ignorance (more likely)
> who will do things simply because it was in some script or manual w/o
> questioning -why-.

But delegation-only and root-delegation-only are not in the script
or FAQ. They are in the manual, like all the rest of the options, but
with no attitude.

> These types of folks can be reasoned with, it's just that there are so 
> many of them... :)  [...]
> while BIND is open-source and any knuckledragging code jock can "haq the source"
> to do this, ISC is acting as arms manufacturer and dealer, handing out easy to use
> code that allows local admins to lie to themselves and those that use their servers
> about what the zone admin indicates is correct for the zone.  (and yes, I have
> a bias here... :)

ISC had put so many controls in bind, including acls, allow-transfers,
views... they all allow local admins to lie to themselves and those that
use their servers. It's no reason for not liking the flexibility in bind.

> > However, Verisign hijacking "com" and "net" made few things clear. Most
> > important: these domains are public, not theirs, hence they should not
> that is not clear to me.  I'd like to argue that -ALL- delegations are made
> in the public interest and are not "owned" by anyone.  

Delegations themselves are usually owned by those who paid for them. :)
Arbitrary entries/changes by the TLD domain holder in the unpaid[1] space
should not be allowed without prior consent of all involved parties.

> You and others are
> trying to claim that some delegations are "public" and some are not.  I'd really
> like to see the legal basis for making such a distinction.  

IMO all TLDs are public. Like country names. You cannot own them and do
whatever you want with them. Some methods of operating them are questionable,
not the fact that they are public.

> > Marking "com" and "net" as delegation-only
> > is not harming anything. (At least until ICANN changes its mind.)
> perhaps not.  I remain unconvinced.

Remember, though, that these two configuration options are not default
(and should (and will) never be). And I will probably withdraw them
from my configuration once Verisign stops using wildcard in com/net.
If there are no further problems with them, no one will use these options;
why bother, when things are running as they should?

p.

[1] "Unpaid" as in net/com; other tlds may have different requirements
for having domains registered.

-- 
Beware of he who would deny you access to information, for in his
heart he dreams himself your master.   -- Commissioner Pravin Lal
http://nerdquiz.sgh.waw.pl/  -- Polish version of the quiz for nerds ;)


