[dns-operations] Delegation health was Re: Worst current practice example

Patrik Wallström pawal at blipp.com
Mon May 10 08:10:50 UTC 2010 

On May 5, 2010, at 11:04 PM, Patrik Fältström wrote:

>> But as has been pointed out repeatedly whenever this topic comes up,
>> many registries are not allowed to contact registrants directly.
>> Registrars could do this for their registrants if they wanted (and in
>> fact some do).  If registries do this and detect a problem, they don't
>> even know that they have anything useful to do, because the registrar
>> might not be the DNS operator (cf. other discussions about
>> "ripple-free transfer" and DNSSEC).  
> 
> And, it is not the registrant that should know about it, but the DNS operator of the zone.
> 
> You have four roles for each domain: Registry, Registrar, Holder of the domain and DNS operator.

And when you talk about "DNS operator" it might not only be one role either. Within the "DNS operator" role you have name server operators, zone editor and zone signer. All of which can be different entities, and "name server operators" can be more than one - and depending on the type of organization, zone editor and zone signer can also be multiple entities (look at the root signing stuff).

> In some cases the same entity have more than one role, but in an amazingly large number of cases that is not the case.

For the 70 of so domains that I host on my primary server I am the primary DNS server, editor and signer for about half of them. Secondaries are external parties in about 50% of those cases. I don't think this is very uncommon.

> I do also think that most of the confusion is that *we* who actually know the difference about the four roles are not careful enough when we use the terminology are ourselves creating most of the confusion.
> 
> I know some registries that talk about "webhosting company" or "registrar" when they in both cases in reality mean DNS operator... Or the registries that have "www." wherever they talk about domain names.
> 
> We must because of this ourselves be more careful with terminology, or else the world will never learn. I.e. we have ourselves to blame for many confusions.

Yes. And even the term "DNS operator" is not very clear.

More information about the dns-operations mailing list