Interesting new dns failures

Simon Waters simonw at
Mon May 21 17:57:06 UTC 2007

On Monday 21 May 2007 14:43, you wrote:
> I'll bet a large pizza that 90% or more could be relocated to a more
> appropriate location in the DNS tree, and nobody except the domain holder
> and less than a dozen other people will notice/care in the slightest.

More like 99% I suspect, but we've no idea which 99%.

The decision to make the name servers part of the hierarchy, without insisting 
they be within the zones they master ("in bailiwick" as some call it) and 
thus glued in, means we have no definite idea which bits of the DNS break on 
any specific deletion.

In general it is impossible when deleting a zone to know the full consequences 
of that action unless you are that zone's DNS administrator, and even then you 
need to ask any administrators of delegated domains. 

So those who think deleting zones is a way to fix things, or penalise people, 
should tread VERY carefully, lest they end up liable for something bigger 
than they expected (or could possibly imagine).

Doing it all again, this is clearly something that folks would work to 
minimize in the design of the DNS. Such that deleting ".uk" could be 
guaranteed to only affect domains ending in ".uk". But at the moment, you 
can't know exactly which bits of the DNS would break if you deleted the ".uk" 
zone from the root servers. 

For example, deleting our corporate ".com" zones from the GTLD servers could 
potentially* disable key bits of another second level UK domain, and no third 
party can tell for sure the full impact of that change in advance. Who knows, 
they may be hosting other DNS servers for other zones in their turn (I doubt 
it but I don't know for certain).

Of course even if the DNS were designed so you can recognise which bits might 
break with a given change, you'd then be left not knowing which services are 
linked into a particular domain. But that is beyond the scope of a name 
service design I think.

Sure, most of the time if you delete a recently registered domain name, with a 
lot of changes and abuse in its history, you normally just hurt a spammer. I 
dare say collateral damage probably follows some simple mathematical law like 
1/f? Hopefully before you delete something really important you most likely 
delete something merely expensive, and learn to be more careful.


PS: Those who make sarcastic comments about people not knowing the difference 
between root servers, and authoritative servers, may need to be a tad more 
explicit for the help of the Internet challenged.

* I'm hoping the name servers in will help if anything ever does go pear 
shaped with that domain name, but I wouldn't bet money on it.
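
The out-of-bailiwick dependency described in the message above can be modelled as a fixed-point computation over a delegation map. This is an added example, not part of the original post: the zone and host names are constructed, the `under`, `lost_servers` and `impact` helpers are hypothetical, and the model assumes a complete delegation map, which the post points out no third party actually has.

```python
# Constructed sample data (reserved example names, not real delegations):
# zone -> host names of its authoritative name servers.
DELEGATIONS = {
    "example.com.": ["ns1.example.com.", "ns2.example.com."],  # in bailiwick, glued
    "sub.example.com.": ["ns1.example.net."],                  # child of example.com.
    "example.org.": ["ns1.example.com.", "ns2.example.com."],  # fully out of bailiwick
    "customer.example.": ["ns1.example.org."],                 # depends on example.org.
    "example.net.": ["ns1.example.net.", "ns2.example.org."],  # one server elsewhere
}


def under(name, zone):
    """True if name is the zone itself or a descendant (label-aligned match)."""
    return name == zone or name.endswith("." + zone)


def lost_servers(servers, broken):
    """Name servers whose host names sit inside any unreachable zone."""
    return [ns for ns in servers if any(under(ns, b) for b in broken)]


def impact(delegations, deleted):
    """Return (unreachable, degraded) zones after `deleted` is removed.

    A zone becomes unreachable when an ancestor is unreachable or when every
    one of its name servers is lost; it is degraded when only some are lost.
    Newly unreachable zones can take further zones with them, so iterate
    until nothing changes.
    """
    broken = {deleted}
    changed = True
    while changed:
        changed = False
        for zone, servers in delegations.items():
            if zone in broken:
                continue
            ancestor_gone = any(under(zone, b) for b in broken)
            all_ns_gone = servers and len(lost_servers(servers, broken)) == len(servers)
            if ancestor_gone or all_ns_gone:
                broken.add(zone)
                changed = True
    degraded = {z for z, s in delegations.items()
                if z not in broken and lost_servers(s, broken)}
    return broken - {deleted}, degraded


if __name__ == "__main__":
    unreachable, degraded = impact(DELEGATIONS, "example.com.")
    print("unreachable:", sorted(unreachable))
    print("degraded:", sorted(degraded))
```

In the sample map, removing `example.com.` takes out a zone two steps away (`customer.example.`) that shares no suffix with it, which is the collateral damage the message warns cannot be predicted from the name alone.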
