[dns-operations] Delegation checking (was: Re: Some DNSSEC trivia)
paul at vix.com
Wed Jan 9 15:29:46 UTC 2008
> But, back to what I have found the harder question during the years,
> and that is what should happen if the tests fail? Should the
> delegation be withdrawn?
ideally the name would continue to be reserved, and held by the registrant,
but the NS RRs would no longer be published, or would be changed to point
to a nameserver inside the registry which always returned SERVFAIL. this
would prevent queries from having to time out, it would give the registry
a chance to measure the traffic, and it would prevent someone from pirating
the original nameserver's IP address and thus taking over someone's zone.
More information about the dns-operations