AW: Odd policy question.

Jeffrey I. Schiller jis at MIT.EDU
Sat Jan 14 22:06:20 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foolish me. Indeed all that is required is a way to detect that the
delegation is lame (hopefully in a secure fashion) and remove the lame
delegations. Of course that does leave the problem of what to do if all
of the delegations are lame, as Randy has alluded to.

			-Jeff

Randy Bush wrote:
>>As an engineer, I believe we would need a protocol that would
>>permit someone to query an IP address to ask what DNS domains
>>it may be an NS for.
> 
> 
> this addresses neither the issue of longevity nor that of
> whether it is authoritative for a particular domain which
> is proposed to be, or has been, delegated to it.
> 
> and please note that delegation is not to an ip address, but
> rather to an fqdn.  the only time the two are bound is when a
> delegatee is within the zone being delegated, so the delegator
> needs to insert a glue a rr.
> 
> i run a very small registry for some cctlds.  my scripts do
> specifically check that all servers to which a delegation is
> proposed are actually serving the zone, and will not delegate
> if they are not.  i also check for 2182 compliance in a crude
> manner.  i also check that the ns rrset held by the servers is
> that to which delegation is requested.
> 
> i would gladly re-run the delegation checks against the zone
> files periodically.  but i do not as i don't know what to do
> when (not if) i find lamers.  it seems a bit drastic to just
> remove delegation.  but i know from experience that email to
> the pocs will get no useful response.
> 
> randy
> 


- --
=============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis at mit.edu
============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDyXXb8CBzV/QUlSsRAh97AJ41jM/8ys9Bf3YT/nb7KpnwDuDyygCfXNqc
xxfbv+A2ccN9mjLzzLo1N/o=
=iKOl
-----END PGP SIGNATURE-----
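A sketch of the checks discussed in this message, added here as an example; it is not part of the original post and is not Randy Bush's registry scripts. It assumes a non-recursive SOA query has already been sent to each proposed server and the raw reply collected; the function names, host names and sample replies are constructed for illustration.

```python
import struct

def parse_header(msg):
    """(aa, rcode, ancount) from the 12-byte DNS header, or None if absent/short."""
    if not msg or len(msg) < 12:
        return None
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return bool(flags & 0x0400), flags & 0x000F, ancount

def norm(names):
    """Case-fold host names and drop the trailing root dot for comparison."""
    return {n.lower().rstrip(".") for n in names}

def check_delegation(proposed_ns, observations):
    """proposed_ns: NS host names requested for the zone.
    observations: {ns_name: (raw SOA reply or None on timeout, NS names it serves)}."""
    want = norm(proposed_ns)
    obs = {k.lower().rstrip("."): v for k, v in observations.items()}
    lame, mismatch = [], []
    for ns in sorted(want):
        raw, served = obs.get(ns, (None, ()))
        hdr = parse_header(raw)
        # Lame: no reply, not authoritative (AA clear), error rcode, or empty answer.
        if hdr is None or not hdr[0] or hdr[1] != 0 or hdr[2] == 0:
            lame.append(ns)
        # Authoritative, but its own NS RRset differs from the requested one.
        elif norm(served) != want:
            mismatch.append(ns)
    return {"lame": lame, "mismatch": mismatch,
            "usable": sorted(want - set(lame)),
            # The open case from the thread: pruning would leave nothing.
            "all_lame": bool(want) and len(lame) == len(want),
            "ok": not lame and not mismatch}

def soa_reply(aa, rcode=0, ancount=1):
    """Constructed header-only reply (QR set), enough for parse_header."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

# Constructed sample data: one good server, one lame, one with a different NS RRset.
PROPOSED = {"ns1.example.test.", "ns2.example.net.", "ns3.example.org."}
OBSERVED = {
    "ns1.example.test": (soa_reply(aa=True), PROPOSED),
    "ns2.example.net": (soa_reply(aa=False), PROPOSED),
    "ns3.example.org": (soa_reply(aa=True), {"ns1.example.test", "ns3.example.org"}),
}

if __name__ == "__main__":
    print(check_delegation(PROPOSED, OBSERVED))
```

The report only classifies; whether to withhold or remove a delegation when `all_lame` is true is the policy question the thread leaves open.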


