[dns-operations] Delegation checking (was: Re: Some DNSSECtrivia)

brett brett at blacksunsystems.co.uk
Wed Jan 30 19:24:56 UTC 2008


> On Behalf Of Frederico A C Neves
> Sent: Monday, January 14, 2008 4:25 PM
> To: dns-operations at lists.oarci.net
> Subject: Re: [dns-operations] Delegation checking (was: Re: Some
> DNSSECtrivia)
> 
> On Wed, Jan 09, 2008 at 11:36:57AM +0100, Stephane Bortzmeyer wrote:
> > On Tue, Jan 08, 2008 at 09:30:30PM +0000,
> >  Lutz Donnerhacke <lutz at iks-jena.de> wrote
> >  a message of 21 lines which said:
> ...
> >
> > > and the zone was not longer delegated from FR.
> >
> > This is completely impossible. As I said, AFNIC never deletes a
".fr"
> > for a technical fault (technical tests are done *before* delegation
> > and a technical failure, once the delegation is done, cannot cause a
> > deletion or holding or whatever). AFAIK, ".br" is the only registry
> > which undelegates domains if a technical test fails (I'm note sure,
> > please check with ".br" people before spreading the information).
> 
> We only accept delegations and updates when the servers are correctly
> configured.
> 
> Weekly we recheck de delegations, keep a public report at whois, and
> every two weeks report back on lame delegation cases.
> 
> We don't undelegate lame domains but we continue to notify them.
> 
> This policy brought our lame delegations to 9% of our zone data. See
> http://registro.br/stat/dns.html for historic data.
> 
> > If you want to sort out that, do not hesitate to send me details
> > privately (or to the official channel, support at afnic.fr).
> 


I believe the RIPE NCC are also doing something similar, based on the
definition of lameness in ripe-400:

http://www.ripe.net/ripe/docs/ripe-400.html


Brett, who apologises if the conversation has moved on somewhat, I'm a
bit behind reading this list.




More information about the dns-operations mailing list