Verisign Responds
Jack Bates
jbates at brightok.net
Wed Sep 24 19:46:06 UTC 2003
Paul Vixie wrote:
> you are confused. and in any case this is off-topic. take it to namedroppers,
> but before you do, please read rfc's 1033, 1034, 1035, 2136, 2181, and 2317.
Can someone please tell me how a change to a critical component of the
Internet which has the capacity to cause harm is not an operational issue?
A TLD issues a wildcard. Instead of discovering if records match the
wildcard and returning NXDOMAIN (which is what everyone wanted), the
software was designed to restrict records based on delegation.
Delegation was not broken. The changes made allow engineers to break it.
I'd consider this an issue. Reports have already come in of all the
various domains that people will mandate delegate-only for. For the
record, .museum was listed several times despite the request in
documentation to not force delegation, as were other zones.
In fact, many people were confused. They didn't understand what zone
delegation was. For the record, I've read all the RFC's you posted. To
many, it's an issue of wildcards. Yet BIND didn't solve the wildcard
problem. It solved a delegation problem, which was not only "not broken"
but has traditional use.
Which "countermeasures" being implemented did the IAB have an issue
with? I wonder since their argument against the wildcards was the fact
that it breaks traditional use. BIND now easily breaks traditional use.
-Jack