[dns-operations] Delegation checking (was: Re: Some DNSSEC trivia)
Joe Abley
jabley at ca.afilias.info
Thu Jan 10 14:53:31 UTC 2008
On 9-Jan-2008, at 23:24, Paul Vixie wrote:
>> ISC does its part. We make it very hard to load bad data
>> into DNS. We enforce what is practical to enforce in a
>> nameserver.
>
> maybe we could add an option, defaulting to off, that would have a
> server
> periodically walk the tree from the root to itself, checking for
> above/below
> deltas across each delegation, and checking for lameness?
Wouldn't such an option have to walk the entire namespace looking for
delegations, and wouldn't such a walk require the ability to enumerate
the contents of zones hosted elsewhere?
(Or I could be misunderstanding what you're suggesting. The phrase
"from the root to itself" confuses me, since "root" seems to be a
namespace word, and "itself" seems to be a nameserver word).
Joe
More information about the dns-operations
mailing list