[dns-operations] Forgery resilience idea - wildcard cooperative defense

Eric Brunner-Williams brunner at nic-naa.net
Thu Aug 7 22:33:41 UTC 2008

When I was employed by NeuStar I pointed out that registries need a 
registrar, if only to solve the immediate problem(s) posed by registrar 
failure (RegisterFly wouldn't happen for another 7 years), plus the 
benefit of having a live test of the registry's toolkit(s).

Additionally, I don't think the only reading of "the registrar" in 
Bert's note is the cardinal number one.

Andrew Sullivan wrote:
> I've elided namedroppers@, since this has nothing to do with the protocol
> On Thu, Aug 07, 2008 at 01:49:47PM -0400, Brian Dickson wrote:
>> ADNS, RDNS, *one* zone + registry, *one* registrar, and the ops procedures 
> I would be pretty nervous about using DNSSEC in a top level zone that
> had only one registrar supporting it.  Registrars go out of business,
> and 1-1 is 0.  It'd be rather bad news if your DNSSEC-enable zone
> suddenly couldn't be managed.
> A

More information about the dns-operations mailing list