[dns-operations] When TLDs have apex A records
Randy Bush
randy at psg.com
Sat Jul 4 00:35:52 UTC 2009
>>>> I can imagine that the primary motivation doing this is so that
>>>> users can enter http://tld/ in a browser and find themselves at an
>>>> appropriate page.
>>> Or they have put wildcards in at the root.
>> i hear icann, at their meddling best, has now outlawed that. so i
>> think i'll probably put one or two in when i get a spare moment.
> Didn't know you were such a fan of SiteFinder.
am not. but icann is acting like the tsa. someone had a bit of
explosive in their shoe, so shoes are now anathma. as the joke goes,
luckily it was not a bomb in his undies.
> I gather you considered the IAB meddling when they posted
> http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html
i would make a change
Proposed guideline: If you want to use wildcards in your zone and
understand the risks, go ahead, but only do so with the informed
consent of the entities that are delegated within your zone.
s/the entities/affected entities/
> More pragmatically, do you have substantive criticism of
> http://www.icann.org/en/committees/security/sac015.htm?
like the tsa, it goes from useful
TLDs should refrain from using services that make use of wildcard
services and synthesized DNS reponses.
to overly prescriptive
Why Top Level Domains Should Not Use Wildcard Resource Records
randy
More information about the dns-operations
mailing list