[dns-operations] DNS trust dependencies for TLDs

Matthew Dempsky matthew at dempsky.org
Mon Jun 15 08:50:33 UTC 2009


On Mon, Jun 15, 2009 at 12:44 AM, Antoin
Verschuren<Antoin.Verschuren at sidn.nl> wrote:
> I don't get it, sorry.
> The .nl zone is a delegation only zone. (if not, then please provide me with a clear definition).

Right, today it is.  The entire issue of delegation-only was under the
hypothetical scenario that .nl changed to a delegation scheme like
.se, which is not a delegation-only zone.

> I think having some NS'es for .nl in a different zone or even under a different TLD is a good practice when glue failures arise due to operational errors.

Can you elaborate on what kind of glue failures and operation errors
you're concerned about?  E.g., if you don't trust the root servers to
serve A records correctly, how do you trust them to serve NS records
correctly?

> And I don't understand why such a situation should be different for a TLD as compared to any other zone.

I agree; other zones should avoid unnecessary dependencies as well.



More information about the dns-operations mailing list