Verisign Responds
Dave Crocker
dhc2 at dcrocker.net
Thu Sep 25 23:58:08 UTC 2003
Folks,
bkc> lets try this again... why should a valid DNS protocol element
bkc> be made illegal in some parts of the tree and not others?
bkc> if its bad one place, why is it ok other places?
There very much _is_ an operational issue here, but it needs to be
characterized very carefully.
To that end, the IAB note is nicely careful and, I think, exactly right in
classifying a core "coordination" problem that comes with wildcarding.
Standards are, after all, about coordinating details among independent
participants.
The problem with wildcarding a gTLD is not that the construct
should be made illegal but that it requires a degree of coordination that was
not attempted. In this regard, the sponsored TLDs are not a problem
specifically because they are run in a more heterogeneous manner.
The IAB note captures this quite with:
In particular, we recommend that DNS wildcards should not be used in a
zone unless the zone operator has a clear understanding of the risks, and
that they should not be used without the informed consent of those
entities which have been delegated below the zone.
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>
More information about the NANOG
mailing list