The SRS and Lame Delegations
Thorny issue I'm sure everyone has a view on:
Should the SRS test given nameservers for a name for authoritativeness at
submission (i.e., check for lame delegations), and if so, should it require
all provided nameservers to give authoritative answers, or a minimum number
(suggest please :) ). If it does perform such checks, how often should it
repeat them?
Agreement by all is not being sought, just arguments either way.
--
David Zanetti
Is this an InternetNZ committee question or are you asking as a member of the development team?
Should the SRS test given nameservers for a name for authoritativeness at submission (i.e., check for lame delegations), and if so, should it require all provided nameservers to give authoritative answers, or a minimum number (suggest please :) ). If it does perform such checks, how often should it repeat them?

[1] Registrar should be able to register a name without specifying any name servers
[2] Registry should require 2 or more name servers to be specified before including in a zone build
[3] No tests for auth servers need to be completed by the registry at delegation time
[4] Registrars may or may not include an auth test at registration time (as domainz registrar does today)

In the interests of a healthy dns ...

Registry may want to have a scheduled task that checks that at least one name server is responding for each zone it delegates. If a particular domain is delegated for more than x days without an auth answer, then they can remove it from the zone build and notify the registrar who will be required to complete a transaction with the registry to re-include it in the next zone build. This is of course entirely automated :-)

Let's not continue to confuse the business of name registration and name delegation. Checking for auth is not a useful tool at name registration time.

My point [2] above is common sense, and not specified in any RFC. ICANN registries will in fact delegate a name to only one name server if that is all that is entered into the registry by a registrar.

regards

Peter Mott
Chief Enthusiast
2DAY INTERNET LIMITED

It's kind of fun to do the impossible - Walt Disney
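The scheduled check proposed in the message above, as an added example that is not part of the original thread or any registry's code: a non-recursive SOA query, a test of the AA bit in each reply, and the "more than x days without an auth answer" rule. The function names, action strings and sample packets are assumptions constructed for illustration, and only the 12-byte DNS header of each reply is inspected.

```python
import struct
from datetime import date

QID = 0x1234  # constructed query ID shared by the sample packets below

def build_soa_query(zone, qid=QID):
    """Wire-format SOA query with RD=0, so a recursive server cannot mask lameness."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def is_authoritative(response, qid=QID):
    """Header-only check: matching ID, QR=1, AA=1, RCODE=NOERROR, at least one answer."""
    if response is None or len(response) < 12:  # None models a timeout
        return False
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return (rid == qid and (flags & 0x8000) != 0 and (flags & 0x0400) != 0
            and (flags & 0x000F) == 0 and ancount > 0)

def zone_build_action(delegated_on, checks, today, max_lame_days):
    """checks: list of (date, [raw response or None, one per nameserver]).
    One authoritative nameserver on a given day counts that day as healthy."""
    good = [day for day, resps in checks if any(is_authoritative(r) for r in resps)]
    last_good = max(good) if good else delegated_on
    if (today - last_good).days > max_lame_days:
        return "remove_from_zone_build_and_notify_registrar"
    return "include_in_zone_build"

def sample_header(flags, ancount):
    """Constructed 12-byte response header used for the sample data."""
    return struct.pack("!HHHHHH", QID, flags, 1, ancount, 0, 0)

AUTH = sample_header(0x8400, 1)     # QR + AA, NOERROR, one answer
REFUSED = sample_header(0x8005, 0)  # QR, RCODE=REFUSED: zone not served here
CACHED = sample_header(0x8080, 1)   # QR + RA, AA clear: cached, not authoritative

SAMPLE_CHECKS = [                   # constructed history for one delegation
    (date(2002, 3, 1), [AUTH, None]),
    (date(2002, 3, 8), [REFUSED, None]),
    (date(2002, 3, 15), [CACHED, REFUSED]),
]

if __name__ == "__main__":
    print(zone_build_action(date(2002, 2, 20), SAMPLE_CHECKS, date(2002, 3, 18), 14))
```
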
At 11:14 18/03/02 +1200, Peter Mott wrote:
Registry may want to have a scheduled task that checks that at least one name server is responding for each zone it delegates. If a particular domain is delegated for more than x days without an auth answer, then they can remove it from the zone build and notify the registrar who will be required to complete a transaction with the registry to re-include it in the next zone build. This is of course entirely automated :-)

Umm,

Wouldn't it be a bit more polite to notify the technical contact address that they are a lame delegation so that they can have a chance to fix it *before* just removing the delegation?

Problems can and do occur, and just removing the delegation without some kind of warning isn't very fair.

Regards,
Simon
On Sunday, March 17, 2002, at 06:25 , Simon Byrnand wrote:
At 11:14 18/03/02 +1200, Peter Mott wrote:
Registry may want to have a scheduled task that checks that at least one name server is responding for each zone it delegates. If a particular domain is delegated for more than x days without an auth answer, then they can remove it from the zone build and notify the registrar who will be required to complete a transaction with the registry to re-include it in the next zone build. This is of course entirely automated :-)
Umm,
Wouldn't it be a bit more polite to notify the technical contact address that they are a lame delegation so that they can have a chance to fix it *before* just removing the delegation?
I don't think Peter was talking about removing a name from the register due to a lame delegation. He was talking about removing it from the zone file build. The registry should never send mail to the registrant. They should only communicate with the registrars they have contracts with.
Problems can and do occur, and just removing the delegation without some kind of warning isn't very fair.
The registrant gets the same service (no resolution for anything in the zone). Clients trying to resolve names in the zone may get better service, because their recursive lookup attempts fail more quickly in the case that the delegated nameservers do not respond.

Joe
On Mon, 18 Mar 2002, Peter Mott wrote:
[1] Registrar should be able to register a name without specifying any name servers
[2] Registry should require 2 or more name servers to be specified before including in a zone build
[3] No tests for auth servers need to be completed by the registry at delegation time
[4] Registrars may or may not include an auth test at registration time (as domainz registrar does today)
Hmm, agreed on 1,3 & 4, but:
My point [2] above is common sense, and not specified in any RFC. ICANN registries will in fact delegate a name to only one name server if that is all that is entered into the registry by a registrar.
rfc1912? And perhaps rfc2182 is relevant too? rfc1912 seems to be depreciated though, yet still seems to be recited as doctrine by many people that repeatedly violate the suggestions in 2182.

My take on the latter is that it's not worth having more than one nameserver if they're going to be sitting next to each other, plugged into the same power and same network switch. And when a number of domains in use today are simply 'vanity' personal ones that point to a simple webpage with an email forwarding service, requiring a second nameserver elsewhere that points people at the blackhole that exists when a SPoF takes out the primary nameserver, web server and mail relay seems a waste of effort.

--
** Colin Palmer, Systems and Development Group, University of Waikato, NZ **
From: "Zanetti David"
Should the SRS test given nameservers for a name for authoritativeness at submission (i.e., check for lame delegations)

Absolutely NOT.

Reason? Keep it simple, be generous with what you accept..., let the Registrar be pedantic if they choose.

Most (umm, all) lame delegations on the Internet are created "later" (Name Servers have ceased to exist). Checking at registration time won't prevent this, do it later if you have to.

Cheers
BG.