[dns-operations] TLDs proudly requiring technical tests before delegating
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Mar 9 08:17:03 UTC 2011
On Tue, Mar 08, 2011 at 02:34:11PM -0800, David Ulevitch <david at opendns.com> wrote a message of 26 lines which said:
> (2) Requiring it removes a DDoS mitigation technique that is made
> available to operators today, one of the few remaining.
Could you elaborate? I am not aware of a DDoS mitigation technique
which is disabled by mandatory technical tests before delegation.
> (3) It would mess up Amazon's Route 53 delegation tricks which are
> nice for traffic management and for DDoS detection and mitigation.
Same question.
> (4) Delegating to /dev/null is quite handy for reasons even beyond
> DDoS mitigation.
Are you sure you don't mix registration with delegation? I see the
point of registering without delegating, I completely fail to see why
delegating to 127.0.0.1 or 8.8.8.8 could be useful.
> (5) It accomplishes almost nothing since moments after verifying a
> delegation, it can be yanked by the authoritative DNS server.
Tests done with our DNSdelve tool <http://www.dnsdelve.net/> show
that, one year after registration, more than 90 % of the .FR domains
still pass the technical tests.
Disclaimers: .FR requires successful technical tests before delegation
takes place. They are done with the Zonecheck tool
<http://www.zonecheck.fr/>. registration != delegation. We have not
one domain with 8.8.*.* as a name server. The tests are obviously done
by the registry, not by the registrars.