[dns-operations] Delegation checking (was: Re: Some DNSSEC trivia)

Andrew Sullivan andrew at ca.afilias.info
Thu Jan 10 15:38:11 UTC 2008

On Thu, Jan 10, 2008 at 02:54:04PM +0000, Paul Vixie wrote:

> then one thing the registries could do is offer registration without delegation
> as a service, just to keep the bad delegations from tripping up clients.

EPP provides a facility for this today: it's called clientHold.  I
know that Afilias's software provides the capability.  I don't,
however, know whether registrars expose this feature to their
customers.  Note that some registrars find it very valuable to look at
the DNS traffic they receive, so if you want to "park" your domain,
they'll "host" it for you on their DNS servers.  Again, as a registry,
there is nothing you can do about that, because you have to take the
registration data your registrars send.  (This is exactly why any
checking proposal is opposed, I believe: registrars regard it as the
thin end of a wedge separating them from clickstream traffic.)

Emphatically not speaking for my employer, I would point out that this
is a big disadvantage to the competitive-registrar model that we have:
registries have a very hard time competing with other ones on
technical grounds, because the active market is at the registrant
level, rather than the registrar level.  The relationship between
registrars and registries that receive delegation from ICANN is so
tightly structured that it's quite difficult to distinguish oneself.


Andrew Sullivan                         204-4141 Yonge Street
Afilias Canada                        Toronto, Ontario Canada
<andrew at ca.afilias.info>                              M2P 2A8
jabber: ajsaf at jabber.org                 +1 416 646 3304 x4110

More information about the dns-operations mailing list