[dns-operations] Florian Weimer: Re: On-going Internet Emergency and Domain Names

Paul Vixie paul at vix.com
Sat Mar 31 21:48:59 UTC 2007

> From: Florian Weimer <fw at deneb.enyo.de>
> Well, once more people learn about DLV (especially the NS override
> extension that has been requested by zone operators),

do tell?  as the primary promulgator of dlv i'd've expected to hear about
anything with a sexy name like "NS override extension".

> ... more and more questions will pop up why we can't do this for NS records
> they don't like for some reason.  The genie is out of the bottle, I'm
> afraid.

as i said to gadi on the nanog thread, poison-at-scale would either not work
at all, or set a very dangerous precedent.

> The legal details for operating and using a lookaside zone are rather
> interesting, which strongly suggests that this isn't a solution that can be
> rolled out in a reasonable time frame.  On the more technical side, some
> very large operators have mostly out-sourced their DNS operation, so they
> can't easily deploy an upgrade from ISC even if it were available today.

yes but davidu or any of the DHT people could role something like this out
in their own nameservers, and probably have suggestions for a scalable poison
system using hashes to avoid flooding the whole network with reputation
traffic.  it's worth listening to these ideas even if there's no way to
get instantly gratifying traction on them this week.

> I fear that many registrars make most of their money with trademark
> violations of their customers.  If that is indeed true, showing any sign of
> responsibility could be suicidal.

i agree.  which shows something else gadi has been saying for a while, which
is that the icann system does not encourage enough social responsibility.  a
"registrar wall of sheep" could cost irresponsible registrars money on their
non-violating business or even cost them their icann accreditation.  otherwise
the lambs are agreeing to lay down with the lions, and that's not a happy

More information about the dns-operations mailing list