[dns-operations] go daddy refuses to register NS not otherwise associated with go daddy controlled domains

Fred Morris m3047 at m3047.net
Wed Sep 12 18:23:53 UTC 2012

On Wed, 12 Sep 2012, Joe Abley wrote:
> [...]
> Your central complaint seems to be that delegations exist which are
> broken, intentionally or otherwise.


> It's not clear who you're
> complaining about, though, or why you care.
> There is positive pressure to fix errors in the DNS if they matter. If
> defective delegations are hurting a registry, the registry can push for
> a policy change which permits them to remove the delegations. If
> registrants feel pain because people can't resolve their names, no doubt
> they will arrange for the brokenness to be fixed.

I'll take that as your definition of "positive pressure".

> [lemma 1] If something in the DNS is broken and nobody cares, you can
> expect it not to be fixed.
> [...] [lemma 2] Bits that people don't care about can remain broken,
> because nobody cares.
> Note that none of this has anything to do with EPP.

Technically, narrowly: you are correct. It really isn't about EPP.

Corollary from lemma 1: It's about people (primarily working for
registrars, as I understand it) trying to solve a problem with
orphan/zombie (call them whatever you wish) glue records (nameserver
records published above the zone cut). They want to solve this problem,
and they've crafted a solution. This is where we get the use case (which
started this thread) about restrictions on the nameservers which people
are allowed to register for their domains.

Their solution causes a problem for their customers, and their customers
too have found a solution: register (what is implemented as) garbage. As
long as it meets the rules imposed on them from above at "interface value"
it's good enough.

Following from lemma 2: Large parts of the (RFC) requirements for what an
authoritative nameserver is supposed to do/provide are effectively
optional if all you're interested in is mapping an FQDN to an address or
having it not map at all.

The problem that I see is that as minimally as organizations which are in
particular defensively registering domains care, somebody in the
organization is likely to ask "is the DNS for X ok?" meaning not hijacked
or doing something that they don't want done. The person asking this
question is not someone reading this list and probably has a different
definition of "ok" than many of us; and by the time the question gets put
to us, the querant's definition of "ok" is lost (particularly what they
want or don't want done).

Also following from lemmas 1 and 2: The registries could obviate the
need for most of this charade by allowing CNAMEs above the zone cut. But
they don't.


Fred Morris, internet plumber

More information about the dns-operations mailing list