[dns-operations] dotless domains

Stephane Bortzmeyer bortzmeyer at nic.fr
Sat Sep 22 11:11:30 UTC 2012

On Fri, Sep 21, 2012 at 11:23:02AM -0700,
 David Conrad <drc at virtualized.org> wrote 
 a message of 38 lines which said:

> I'm not sure how ICANN is supposed to do that without 'regulations'.

I don't think I said that ICANN should regulate nothing. It is a
regulator (even if it denies it, claiming it only has a "narrow
technical role") so it regulates. But not all regulations are
good. And this one is clearly useless. 

> it is appropriate to be conservative in the degrees of freedom in
> which we can shoot ourselves in the foot. 

I disagree here. The creators of the DNS (thanks to them, by the way,
and congratulations) were quite careful in isolating the
problems. Unlike X.509 (where the weakness of one CA breaks the entire
system), DNS' tree structure ensure that a problem in .nl won't affect
.net and a problem in .info won't be an issue for .jp. There is no
need to be conservative here: both theory (DNS decentralized tree
structure) and practice (the 15 existing TLD with A or MX at the apex)
proves there is nothing to fear for the other TLDs.

> Given there is one root and that pretty much everybody is dependent
> upon it, you probably want to minimize the surprises that are
> associated with the root.

The discussion is about TLD, not about whether a A or MX at the root
makes sense.

More information about the dns-operations mailing list