[dns-operations] DNSSEC, IPv6 glue, multiple DNS servers, and eating your own dog food
Vernon Schryver
vjs at rhyolite.com
Fri Jul 20 22:56:36 UTC 2012
An obvious filter for prospective registrars occurred to me at this,
nearly the end of my week long efforts to get my trivial domains
signed.
A registrar that does not have DS records for its main domain names
might lack experience dealing with DNSSEC registrations.
A registrar whose main domains lack AAAA records for any NS names might
lack real world information about IPv6 glue.
A registrar or reseller that does not have have a WHOIS record with
a minimal set of servers or at least NS records might lack empathy
for those of us who think such things are a good idea.
You don't need to ask people at the registrar.
`dig example.com ds`, `dig example.com aaaa`, and `dig example.com ns`
can give more authoritative answers than anything people might say.
Its funny but not amusing that those commands give better results
for the unreal example.com than for any of the registrars that I
recall being mentioned here recently. This should be particularly
embarrassing for one of them.
I tried several other registrars on
http://www.dotandco.net/ressources/icann_registrars/details/position.en
and found *none* that could pass that trivial filter.
Talk about a race to the bottom!
Vernon Schryver vjs at rhyolite.com
P.S. "eating your own dog food" is not an insult but the old programmer's
motto about using the stuff that you would foist on others.
P.S. The imperfections in ARIN's reverse DNS web page are consistent
with the lack of DS RRs for arin.net. ICANN passes.
More information about the dns-operations
mailing list