[dns-operations] Delegation checking (was: Re: Some DNSSEC trivia)

[Mark Andrews]

> 
> On 9-Jan-2008, at 18:41, Mark Andrews wrote:
> 
> > 	There is a real dollar cost to registries not performing
> > 	these checks.  Doing the check at the registry level will
> > 	minimise the overall cost.
> 
> There's a real dollar cost to a registry in performing these checks,  
> and a bigger cost in taking action in response to the observed results.

	Yes there is a cost but it is a smaller cost to the community
	overall if the registry did what it is required to do.
 
> There's a real dollar cost to a registrar in dealing with a registry  
> that removes names from the DNS when lame delegations are found,  
> regardless of whether they receive notification in advance of the  
> removal of the name.
> 
> For a commercial registry or registrar, what is the benefit to the  
> shareholders of performing such checks and taking corresponding  
> action? All I see are costs and competitive disadvantage. "It'll save  
> ISC money" doesn't sound like a winning argument :-)

	It's a cost on everyone that attempts to perform a lookup
	through a lame delegation.  Our costs are minisule compared
	to the overall cost on the comunity.

	The DNS has got a reputation that it is not reliable.  There
	really is only one reason for that reputation.  Lack of
	enforcement of operational and iplementation requirements.

	ISC does its part.  We make it very hard to load bad data
	into DNS.  We enforce what is practical to enforce in a
	nameserver.

	Mark
 
> Personally, I wish there were no lame delegations anywhere in the  
> namespace, but I struggle to see a business case here. If there's no  
> commercial motivation for doing it, why would anybody expect it ever  
> to happen without regulation?
> 
> Joe
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org