[dns-operations] Delegation checking

Shane Kerr Shane_Kerr at isc.org
Thu Jan 10 14:37:15 UTC 2008

Randy Bush wrote:
>> in other words, are we looking at this wrong, saying that lameness is a
>> parent's problem?  maybe if we say it's a child's problem, and do what we
>> can to help zone operators run better child zones, our part can be bigger?
> i am uninterested in the sisyphean task of fixing the root, if it 
> actually needs fixing, which i hope not.  i feel responsible for those 
> zones i have delegated to me and which i delegate.

IMHO this is key.

Not surprisingly, DNS folks think DNS is really, REALLY important, and we need
to do whatever it takes to keep the delegations clean. Further, people that
don't keep their DNS well-maintained are no better than people who cut in line
or throw trash on the street, and are basically horrible cads.

But one of the reasons DNS is so successful is that it allows the people who
benefit from the service to make it as reliable as they need for it to be. If I
want to set up anycast clusters on diverse hardware, OS, and server
configurations scattered throughout the world in bomb shelters, then I can.
OTOH, if I want to run my DNS on an old 80486 box on my ISDN line, then I can do
that too.

Sure, it is nice to provide automated checks and do whatever we can to help
people provide high quality DNS, but I think there is a serious cost-benefit
mismatch when we start getting upset about people not meeting their
"responsibilities". Their *real* responsibility is to provide DNS that lets
people use whatever services they choose to provide.

Basically, I do agree that delegation checking is good, and since a lot of TLD
have money that they can't get rid of and need to find somewhat useful things to
do with it, this is probably a useful activity. Please keep a sense of
perspective though - a few stray packets and client timeouts are not the end of


More information about the dns-operations mailing list