[dns-operations] TLDs proudly requiring technical tests before delegating

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Mar 9 08:17:03 UTC 2011


On Tue, Mar 08, 2011 at 02:34:11PM -0800,
 David Ulevitch <david at opendns.com> wrote 
 a message of 26 lines which said:

> (2) Requiring it removes a DDoS mitigation technique that is made
> available to operators today, one of the few remaining.  

Could you elaborate? I am not aware of a DDoS mitigation technique
which is disabled by mandatory technical tests before delegation.

> (3) It would mess up Amazon's Route 53 delegation tricks which are
> nice for traffic management and for DDoS detection and mitigation.

Same question.

> (4) Delegating to /dev/null is quite handy for reasons even beyond
> DDoS mitigation.

Are you sure you don't mix registration with delegation? I see the
point of registering without delegating, I completely fail to see why
delegating to 127.0.0.1 or 8.8.8.8 could be useful.

> (5) It accomplishes almost nothing since moments after verifying a
> delegation, it can be yanked by the authoritative DNS server.

Tests done with our DNSdelve tool <http://www.dnsdelve.net/> show
that, one year after registration, more than 90% of the .FR domains
still pass the technical tests.

Disclaimers: .FR requires successful technical tests before delegation
takes place. They are done with the Zonecheck tool
<http://www.zonecheck.fr/>. registration != delegation. We have not
one domain with 8.8.*.* as a name server. The tests are obviously done
by the registry, not by the registrars.


