[dns-operations] thoughts on DNSSEC

Vernon Schryver vjs at rhyolite.com
Wed Jul 18 18:03:32 UTC 2012

> It seems to me that registrants are in a position to make
> determinations about the extent of a regisrtar's actual support of
> DNSSEC on the basis of their interface support and the claims of their
> support staff. 

How does a prospective customer check a registrar's interface without
doing something approaching reality like registering a throw-away name?
The costs in time and hassles of that are a barrier.

Worse, not only could "send mail" be better in theory than web forms,
you can't tell whether web forms are sugar coatings on dung worse than
typical "send mail" without a lot more than an initial registration
and twiddling.  For example, from an initial registration I wouldn't
have known about GoDaddy's understanding of permission to try to bill
credit numbers they happen to have for wonderful new services like
"alert mail boxes" (nothing to do with SMTP, IMAP, or POP).

For another example, Opensrs/Tucows claims to support IPv6, but
when I last tried an IPv6 address in the "store front" web forms
somehow provided to my reseller by Opensrs/Tucows, they choked.
You win if you bet that the Opensrs answer was "send mail with your
glue to support."  I blame my reseller for not simply diving in and
fixing the web form parsing, but not more than I value past personal
attention and advocacy inside the registrar.

>                 The ICANN pages are surely a good place to start, but
> only to start.

I think that overstates the value of the ICANN page.

Vernon Schryver    vjs at rhyolite.com

More information about the dns-operations mailing list