.nyc - here we go...

Eric Brunner-Williams brunner at nic-naa.net
Thu Jul 4 17:34:41 UTC 2013

On 7/4/13 8:00 AM, Ted Cooper wrote:
> Do they have DNSSEC from inception? It would seem a sensible thing to do
> for a virgin TLD.

In the evolution of the DAG I pointed out that both the DNSSEC and the
IPv6 requirements, as well as other SLA requirements, were
significantly in excess of those placed upon the legacy registries,
and assumed general value and availability with non-trivial cost to
entry operators, some of whom might not be capitalized by investors
with profit expectations similar to those that existed prior to the
catastrophic telecoms build-out and the millennial dotbomb collapse.

The v6-is-everywhere and the DNSSEC-greenfields advocates prevailed,
and of course, the SLA boggies remain "elevated" w.r.t. the legacy
registry operator obligations.

"Sensible" may be subject to cost-benefit analysis. I did .cat's
DNSSEC funnel request at the contracted party's insistence and I
thought it pure marketing. The .museum's DNSSEC funnel request must
have, under the "it is necessary" theory, produced demonstrable value
beyond the technical pleasure of its implementer.

Anyone care to advance evidence that either zone has been, not "will
someday be", significantly improved by the adoption of DS records?
Evidence, not rhetoric, please.

#insert usual junk from *nog v6 evangelicals that .africa and .eos
(Basque Autonomous Region) must drive v6 adoption from their
ever-so-deep-pockets, or the net will die.


More information about the NANOG mailing list