[dns-operations] Forgery resilience idea - wildcard cooperative defense
Eric Brunner-Williams
brunner at nic-naa.net
Thu Aug 7 22:33:41 UTC 2008
When I was employed by NeuStar I pointed out that registries need a
registrar, if only to solve the immediate problem(s) posed by registrar
failure (RegisterFly wouldn't happen for another 7 years), plus the
benefit of having a live test of the registry's toolkit(s).
Additionally, I don't think the only reading of "the registrar" in
Bert's note is the cardinal number one.
Andrew Sullivan wrote:
> I've elided namedroppers@, since this has nothing to do with the protocol
>
> On Thu, Aug 07, 2008 at 01:49:47PM -0400, Brian Dickson wrote:
>
>> ADNS, RDNS, *one* zone + registry, *one* registrar, and the ops procedures
>>
>
> I would be pretty nervous about using DNSSEC in a top level zone that
> had only one registrar supporting it. Registrars go out of business,
> and 1-1 is 0. It'd be rather bad news if your DNSSEC-enabled zone
> suddenly couldn't be managed.
>
> A