Interesting new dns failures
Simon Waters
simonw at zynet.net
Mon May 21 17:57:06 UTC 2007
On Monday 21 May 2007 14:43, you wrote:
>
> I'll bet a large pizza that 90% or more could be relocated to a more
> appropriate location in the DNS tree, and nobody except the domain holder
> and less than a dozen other people will notice/care in the slightest.
More like 99% I suspect, but we've no idea which 99%.
The decision to make the name servers part of the hierarchy, without insisting
they be within the zones they master ("in bailiwick" as some call it) and
thus glued in, means we have no definite idea which bits of the DNS break on
any specific deletion.
In general it is impossible when deleting a zone to know the full consequences
of that action unless you are that zone's DNS administrator, and even then you
need to ask any administrators of delegated domains.
So those who think deleting zones is a way to fix things, or penalise people,
should tread VERY carefully, lest they end up liable for something bigger
than they expected (or could possibly imagine).
Doing it all again, this is clearly something that folks would work to
minimize in the design of the DNS. Such that deleting ".uk" could be
guaranteed to only affect domains ending in ".uk". But at the moment, you
can't know exactly which bits of the DNS would break if you deleted the ".uk"
zone from the root servers.
For example deleting our corporate ".com" zones from the GTLD servers could
potentially* disable key bits of another second level UK domain, and no third
party can tell for sure the full impact of that change in advance. Who knows,
they may be hosting other DNS servers for other zones in their turn (I doubt
it but I don't know for certain).
Of course even if the DNS were designed so you can recognise which bits might
break with a given change, you'd then be left not knowing which services are
linked into a particular domain. But that is beyond the scope of a name
service design I think.
Sure most of the time if you delete a recently registered domain name, with a
lot of changes and abuse in its history, you normally just hurt a spammer. I
dare say collateral damage probably follows some simple mathematical law like
1/f? Hopefully before you delete something really important you most likely
delete something merely expensive, and learn to be more careful.
Simon
PS: Those who make sarcastic comments about people not knowing the difference
between root servers, and authoritative servers, may need to be a tad more
explicit for the help of the Internet challenged.
* I'm hoping the name servers in co.uk will help if anything ever does go
pear-shaped with that domain name, but I wouldn't bet money on it.
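
The dependency described in the message above, worked through as an added example (not part of the original post): given a delegation map, compute which other zones stop resolving when one zone is deleted. The zone names, name server names and the function names are all constructed for illustration, and the model also includes the ordinary child-on-parent dependency.

```python
# Constructed delegation data: zone -> its name server host names.
# None of this is real DNS data.
DELEGATIONS = {
    "com": ["ns.com"],
    "org": ["ns.org"],
    "uk": ["ns.uk"],
    "co.uk": ["ns.co.uk"],
    "example.com": ["ns1.example.com", "ns2.example.com"],    # in bailiwick, glued
    "example.co.uk": ["ns1.example.com", "ns2.example.com"],  # all servers in a .com zone
    "mixed.co.uk": ["ns1.example.com", "ns1.mixed.co.uk"],    # one glued server of its own
    "example.org": ["ns1.example.co.uk"],                     # hosted "in its turn"
}

def in_bailiwick(host, zone):
    """True if host is the zone apex or a name below it."""
    return host == zone or host.endswith("." + zone)

def enclosing_zone(name, zones):
    """Most specific zone in `zones` that contains `name`, or None."""
    matches = [z for z in zones if in_bailiwick(name, z)]
    return max(matches, key=len, default=None)

def broken_by_deleting(deleted, delegations):
    """Zones (other than `deleted`) that become unresolvable once it is removed."""
    alive = set(delegations) - {deleted}
    changed = True
    while changed:  # iterate to a fixed point: breakage can cascade
        changed = False
        for zone in sorted(alive):
            # A zone needs its parent's delegation (TLDs: root assumed intact).
            parent = enclosing_zone(zone.partition(".")[2], delegations)
            parent_ok = parent is None or parent in alive

            def server_ok(ns):
                # In-bailiwick servers are glued at the parent; others need
                # the zone holding their own name to still resolve.
                home = enclosing_zone(ns, delegations)
                return in_bailiwick(ns, zone) or home is None or home in alive

            if not (parent_ok and any(server_ok(ns) for ns in delegations[zone])):
                alive.discard(zone)
                changed = True
    return set(delegations) - alive - {deleted}

if __name__ == "__main__":
    for victim in ("example.com", "uk"):
        print(victim, "->", sorted(broken_by_deleting(victim, DELEGATIONS)))
```

Building the real map is the hard part: it needs every zone's NS set, which no third party holds for zones it does not administer.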