AW: Odd policy question.
Jeffrey I. Schiller
jis at MIT.EDU
Sat Jan 14 22:06:20 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Foolish me. Indeed all that is required is a way to detect that the
delegation is lame (hopefully in a secure fashion) and remove the lame
delegations. Of course that does leave the problem of what to do if all
of the delegations are lame, as Randy has alluded to.
-Jeff
Randy Bush wrote:
>>As an engineer, I believe we would need a protocol that would
>>permit someone to query an IP address to ask what DNS domains
>>it may be an NS for.
>
>
> this addresses neither the issue of longevity nor that of
> whether it is authoritative for a particular domain which
> is proposed to be, or has been, delegated to it.
>
> and please note that delegation is not to an ip address, but
> rather to an fqdn. the only time the two are bound is when a
> delegatee is within the zone being delegated, so the delegator
> needs to insert a glue a rr.
>
> i run a very small registry for some cctlds. my scripts do
> specifically check that all servers to which a delegation is
> proposed are actually serving the zone, and will not delegate
> if they are not. i also check for 2182 compliance in a crude
> manner. i also check that the ns rrset held by the servers is
> that to which delegation is requested.
>
> i would gladly re-run the delegation checks against the zone
> files periodically. but i do not as i don't know what to do
> when (not if) i find lamers. it seems a bit drastic to just
> remove delegation. but i know from experience that email to
> the pocs will get no useful response.
>
> randy
>
- --
=============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis at mit.edu
============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDyXXb8CBzV/QUlSsRAh97AJ41jM/8ys9Bf3YT/nb7KpnwDuDyygCfXNqc
xxfbv+A2ccN9mjLzzLo1N/o=
=iKOl
-----END PGP SIGNATURE-----
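The check Randy describes (is each proposed server actually serving the zone?) and the removal step Jeff describes, sketched as an added example that is not part of either message or of anyone's registry scripts. The function names, the `example.test` names in the test data and the constructed replies are assumptions. It covers only the authoritative-SOA test, not the NS RRset comparison or the 2182 checks.

```python
import socket, struct

RCODES = {1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(zone, qid=0x4A53):
    """Wire-format SOA query with RD=0: we want the server's own data, not recursion."""
    labels = zone.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", 6, 1)

def ask(server_ip, query, timeout=3.0):
    """Send the query over UDP; None means the server never answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server_ip, 53))
            return s.recvfrom(4096)[0]
        except OSError:
            return None

def classify(query, response):
    """'ok' if the reply is an authoritative SOA answer, else why the server is lame."""
    if response is None or len(response) < 12:
        return "lame: no usable response"
    qid, flags, _qd, ancount = struct.unpack("!4H", response[:8])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "lame: reply does not match query"
    if flags & 0x000F:
        return "lame: rcode " + RCODES.get(flags & 0xF, str(flags & 0xF))
    if not flags & 0x0400:
        return "lame: AA bit clear (not authoritative)"
    return "ok" if ancount else "lame: no SOA in answer section"

def review_delegation(query, replies):
    """replies: {ns_fqdn: bytes or None}. Returns (per-server verdicts, action)."""
    verdicts = {ns: classify(query, r) for ns, r in replies.items()}
    lame = sorted(ns for ns, v in verdicts.items() if v != "ok")
    if not lame:
        return verdicts, "keep"
    if len(lame) == len(verdicts):
        return verdicts, "all lame: needs a policy decision"
    return verdicts, "remove: " + ", ".join(lame)

def constructed_reply(query, flags, ancount):
    """Constructed sample reply (not captured traffic): query header rewritten, plus one SOA RR."""
    soa = (b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, 22) + b"\x00\x00"
           + struct.pack("!5I", 1, 3600, 600, 86400, 3600))
    return query[:2] + struct.pack("!3H", flags, 1, ancount) + query[8:] + (soa if ancount else b"")
```

In a periodic re-check, `replies` would be filled by calling `ask()` against each address the NS names resolve to; the "all lame" outcome is returned as its own action because the thread leaves open what to do in that case.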