[dns-operations] Delegation checking (was: Re: Some DNSSEC trivia)
Paul Vixie
paul at vix.com
Wed Jan 9 15:29:46 UTC 2008
> ...
> But, back to what I have found the harder question during the years,
> and that is what should happen if the tests fail? Should the
> delegation be withdrawn?
>
> Patrik
ideally the name would continue to be reserved, and held by the registrant,
but the NS RRs would no longer be published, or would be changed to point
to a nameserver inside the registry which always returned SERVFAIL. this
would prevent queries from having to time out, it would give the registry
a chance to measure the traffic, and it would prevent someone from pirating
the original nameserver's IP address and thus taking over someone's zone.
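
An added illustration, not part of the original message and not any registry's actual code: a minimal Python version of the "always SERVFAIL" nameserver described above, which answers every query with RCODE 2 and counts queries per name so the traffic can be measured. The function names, the `hits` counter, and the listening address and port are assumptions made for the example.

```python
import socket
import struct
from collections import Counter

SERVFAIL = 2          # RCODE 2
hits = Counter()      # queries seen per name: the registry's traffic measurement

def parse_qname(msg, offset=12):
    """Return (lowercased name, offset just past it) for the first question."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated question")
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", offset
        if length > 63 or offset + length > len(msg):
            raise ValueError("bad label or compression pointer")
        labels.append(msg[offset:offset + length].decode("ascii", "replace").lower())
        offset += length

def servfail_reply(query):
    """Build the SERVFAIL answer for one query; None means drop the packet."""
    if len(query) < 12:
        return None
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:      # never answer responses (no reply loops)
        return None
    try:
        name, end = parse_qname(query)
    except ValueError:
        return None
    if end + 4 > len(query):                # QTYPE and QCLASS must be present
        return None
    hits[name] += 1
    rflags = 0x8000 | (flags & 0x7900) | SERVFAIL   # QR=1, keep opcode and RD
    return struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0) + query[12:end + 4]

def build_query(name, qid=0x1234, qtype=1):
    """Constructed sample query, used for testing the reply logic offline."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".") if l)
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def serve(addr="127.0.0.1", port=5353):     # port is an assumption; production DNS is 53
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((addr, port))
    while True:
        packet, peer = sock.recvfrom(4096)
        reply = servfail_reply(packet)
        if reply is not None:
            sock.sendto(reply, peer)
```

Because the reply is immediate, a resolver gets a definite failure instead of waiting for a timeout, and `hits` shows which suspended names are still being queried.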