[dns-operations] DNSSEC, IPv6 glue, multiple DNS servers, and eating your own dog food

DTNX Postmaster postmaster at dtnx.net
Mon Jul 23 06:50:36 UTC 2012

On Jul 21, 2012, at 00:56, Vernon Schryver wrote:

> An obvious filter for prospective registrars occurred to me at this,
> nearly the end of my week-long efforts to get my trivial domains
> signed.
> A registrar that does not have DS records for its main domain names
> might lack experience dealing with DNSSEC registrations.
> A registrar whose main domains lack AAAA records for any NS names might
> lack real world information about IPv6 glue.
> A registrar or reseller that does not have a WHOIS record with
> a minimal set of servers or at least NS records might lack empathy
> for those of us who think such things are a good idea.
> You don't need to ask people at the registrar.
> `dig example.com ds`, `dig example.com aaaa`, and `dig example.com ns`
> can give more authoritative answers than anything people might say.
> It's funny but not amusing that those commands give better results
> for the unreal example.com than for any of the registrars that I
> recall being mentioned here recently.  This should be particularly
> embarrassing for one of them.
> I tried several other registrars on
> http://www.dotandco.net/ressources/icann_registrars/details/position.en
> and found *none* that could pass that trivial filter.
> Talk about a race to the bottom!

Apologies if this is an obvious thing, but what is the benefit of 
publishing a DS record within the zone itself? Shouldn't they be 
published within the parent zone?
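
The three-query filter from the quoted message, written out as a script. This is an added example, not part of either poster's message. The function names `lookup` and `check_registrar` are hypothetical, and "at least one name server has an AAAA record" is an assumed reading of the IPv6 check.

```sh
# Added example. lookup NAME TYPE prints one record per line.
# By default it asks the configured resolver through dig.
lookup() { dig +short "$1" "$2"; }

# check_registrar DOMAIN
# Prints one line per check; returns 0 only if DS, NS and AAAA all pass.
# Usage: check_registrar example.com
check_registrar() {
    domain=$1
    fail=0

    # 1. DS: the DS RRset is served by the parent zone, and a
    #    recursive resolver fetches it from there.
    if [ -n "$(lookup "$domain" DS)" ]; then
        echo "DS    ok"
    else
        echo "DS    missing"; fail=1
    fi

    # 2. NS: the name server names are needed for the AAAA check.
    ns_names=$(lookup "$domain" NS)
    if [ -z "$ns_names" ]; then
        echo "NS    missing"; return 1
    fi
    echo "NS    ok (servers: $(echo "$ns_names" | wc -l | tr -d ' '))"

    # 3. AAAA: count name servers that publish an IPv6 address
    #    (assumed pass condition: at least one does).
    v6=0
    for ns in $ns_names; do
        if [ -n "$(lookup "$ns" AAAA)" ]; then
            v6=$((v6 + 1))
        fi
    done
    if [ "$v6" -gt 0 ]; then
        echo "AAAA  ok (name servers with IPv6: $v6)"
    else
        echo "AAAA  missing on every name server"; fail=1
    fi
    return $fail
}
```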

