[dns-operations] delegation-only: How useful?
Florian Weimer
fweimer at bfk.de
Wed Aug 20 07:28:03 UTC 2008
* Dave Wilson:

> If it's useful, then perhaps I should expand the list to cover more
> than just .com and .net, which I suspect are just there as
> examples.

Absolutely not. Even .COM and .NET are by no means delegation-only.
Several ccTLDs which are not listed in ISC's root-delegation-only
exclude list have _nicname._tcp/IN/SRV entries to help WHOIS clients.
Making them delegation-only breaks this functionality. And guess what
happens if a delegation-only zone is served from name servers whose
address records are in-zone and not delegated.

BIND's delegation-only was a short-term response to Verisign's
Sitefinder experiment, and may have helped to end this practice at the
TLD level. But from a technical perspective, it is risky and it
limits legitimate zone changes by administrators of delegation-only
zones. It has also failed to stop the general adoption of ad
injection through DNS manipulation.

--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
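
Added example, not part of the original message and not BIND's code: a simplified Python model of the delegation-only rule (a response from the zone that carries no delegation below it is treated as NXDOMAIN, with the zone apex exempt), run over constructed responses to show the two breakages named above. The TLD `example`, the record names and all function names are assumptions made for illustration.

```python
# Simplified model of a resolver-side delegation-only check (assumption:
# this mirrors the documented rule, it is not taken from BIND's source).
from dataclasses import dataclass, field

@dataclass
class Response:
    qname: str                                      # query name
    qtype: str                                      # query type
    rcode: str = "NOERROR"                          # rcode sent by the server
    answer: list = field(default_factory=list)      # (owner, type) tuples
    authority: list = field(default_factory=list)   # (owner, type) tuples

def labels(name):
    return name.lower().rstrip(".").split(".")

def is_below(name, zone):
    """True if name is a proper subdomain of zone (label-wise, not substring)."""
    n, z = labels(name), labels(zone)
    return len(n) > len(z) and n[-len(z):] == z

def effective_rcode(resp, zone):
    """Rcode a resolver acts on when `zone` is configured delegation-only."""
    if labels(resp.qname) == labels(zone):
        return resp.rcode                           # the zone apex is exempt
    # A delegation is an NS RRset in the authority section owned by a name
    # strictly below the zone. Apex NS records do not count.
    delegated = any(t == "NS" and is_below(o, zone) for o, t in resp.authority)
    return resp.rcode if delegated else "NXDOMAIN"

def demo(zone="example"):
    """Constructed responses for a hypothetical TLD named `example`."""
    apex_ns = [(zone, "NS")]
    cases = {
        # WHOIS service discovery record published in the TLD zone itself
        "whois_srv": Response("_nicname._tcp." + zone, "SRV",
                              answer=[("_nicname._tcp." + zone, "SRV")],
                              authority=apex_ns),
        # Address of the TLD's own name server, in-zone and not delegated
        "ns_address": Response("ns1." + zone, "A",
                               answer=[("ns1." + zone, "A")], authority=apex_ns),
        # Ordinary referral to a registered domain
        "referral": Response("www.shop." + zone, "A",
                             authority=[("shop." + zone, "NS")]),
        # Query at the apex
        "apex": Response(zone, "SOA", answer=[(zone, "SOA")]),
    }
    return {name: effective_rcode(r, zone) for name, r in cases.items()}

if __name__ == "__main__":
    for name, rcode in demo().items():
        print(f"{name:11s} -> {rcode}")
```

In this model the SRV record and the name server's own address record are both discarded as NXDOMAIN, while the referral and the apex query pass through.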