[dns-operations] Delegation checking (was: Re: Some DNSSEC trivia)
patrik at frobbit.se
Tue Jan 8 18:46:59 UTC 2008
On 8 jan 2008, at 18.28, Niall O'Reilly wrote:
> What you describe seems to match fairly closely something I've
> seen out there on the Web. I'll forward this off-list to the
> person involved, as it's for him rather than for me to say anything
> about it.
I might be one of the persons that have written such a tool (http://dnscheck.se
) you think of and I know many other have as well (.SE have rewritten
my tool in better code, .FR have theirs etc).
But, part from the discussion among DNS-technies of "what is a correct
delegation", there is also a much more important discussion on what
responsibility what party has for the delegation. Remember we have in
many cases not only the registry and the domain name holder, but also
the registrar and the tech-c (the party running the DNS). And if an
error is found (by someone), what should happen? Should as a last
resort the domain be withdrawn?
I have seen these discussions pop up every 2nd year or so though, and
I think personally that what a registry can do is to check at time of
registration the correctness of the delegation (note that I am saying
delegation here, and not registration as I think those are two
different things). Then the registry can have as a service to check
the delegation for the registrant. But, that should be an opt in.
There is nothing as frustrating as a domain name holder that want to
run a domain a certain way, and that registrant still get pokes from
the registry on "what is correct" when the registry and registrant
disagree on what is correct.
We have also had that discussion regarding ENUM, as there are
legislative rules here and there on the responsibility on call
completion which suddenly include DNS resolution.
Result has been the same -- noone know what is correct, but having the
registry "just" checking, warning and penalizing some registrant is
not the right thing to do. IMHO.
More information about the dns-operations