[dns-operations] Delegation checking (was: Re: Some DNSSEC trivia)

Patrik Fältström patrik at frobbit.se
Thu Jan 10 07:18:58 UTC 2008

On 10 jan 2008, at 07.42, Paul Vixie wrote:

>> 	Child zone operaters will ignore problem reported to them
>> 	(particularly in logs) until a zone fails to load or a
>> 	delegation is pulled.
> perhaps if we write some good RFCs and good code, we can get child  
> zone
> operators to know what the right thing is, know whether they're  
> doing the
> right thing, and know how to do the right thing.  google for "aesop  
> sun and
> wind" for more information on this approach i'm recommending.

Indeed, and we can encourage everyone to opt-in (and pay for) having  
their zones being checked now and then. This is something ccTLDs are  
even interested in doing. Encouraging the registrants to opt-in to  
such a service. That is btw why .SE is even funding development of  
software that do checks.

But going from that (opt-in, helping registrants) to removing a  
delegation is a _VERY_LARGE_STEP_.

Many child zone operators ignore the problem even if the zone fails to  
load. They are not interested in the delegation, only the registration  
of the domain name.


More information about the dns-operations mailing list