Robert Edmonds edmonds at isc.org
Sat Sep 22 18:30:05 UTC 2012

Stephane Bortzmeyer wrote:
> I disagree here. The creators of the DNS (thanks to them, by the way,
> and congratulations) were quite careful in isolating the
> problems. Unlike X.509 (where the weakness of one CA breaks the entire
> system), DNS' tree structure ensures that a problem in .nl won't affect
> .net and a problem in .info won't be an issue for .jp. There is no
> need to be conservative here: both theory (DNS decentralized tree
> structure) and practice (the 15 existing TLDs with A or MX at the apex)
> prove there is nothing to fear for the other TLDs.

i think "ensure" is too strong a word here.  due to NSDNAME indirection
you can of course introduce cross-dependencies between sibling domains.
to take a real example, .pm, .re, .tf, .wf can all only be reached if
.fr is reachable :)

those internal DNS dependencies may not be visible to the APIs used by
client applications, but the clients are ultimately dependent on
resolvers that do have to care about such dependencies.
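
The cross-dependency described above, as an added example that is not part of the original post: a Python sketch that derives which zones a TLD depends on through the names in its NS records, and which TLDs stay reachable when one is down. The nameserver hostnames and the `zz.` TLD are constructed placeholders, and the model assumes a resolver must resolve an out-of-zone nameserver name through the zone that contains it (sibling glue and caching are ignored).

```python
# Constructed delegation data: zone -> nameserver names from its NS records.
# Hostnames are placeholders, not the real nameservers of these TLDs.
DELEGATIONS = {
    "fr.":  ["ns1.nic.example.fr.", "ns2.nic.example.fr."],
    "pm.":  ["ns1.nic.example.fr.", "ns2.nic.example.fr."],
    "re.":  ["ns1.nic.example.fr.", "ns2.nic.example.fr."],
    "nl.":  ["ns1.dns.example.nl."],
    "net.": ["a.servers.example.net."],
    "zz.":  ["ns1.nic.example.fr.", "ns1.dns.example.nl."],  # hypothetical mixed TLD
}

def enclosing_zone(name, zones):
    """Longest zone in `zones` that `name` falls under, or None."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate
    return None

def direct_deps(zone, delegations):
    """Other zones that host at least one of `zone`'s nameserver names."""
    hosts = {enclosing_zone(ns, delegations) for ns in delegations[zone]}
    return hosts - {zone, None}

def transitive_deps(zone, delegations):
    """Every zone reachable by following nameserver-name dependencies."""
    seen, stack = set(), [zone]
    while stack:
        for dep in direct_deps(stack.pop(), delegations):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen - {zone}

def reachable(delegations, down):
    """Fixpoint: a zone is up if it is not in `down` and at least one of its
    nameserver names is in-zone (served by glue) or under a zone that is up."""
    up, changed = set(), True
    while changed:
        changed = False
        for zone, nameservers in delegations.items():
            if zone in up or zone in down:
                continue
            hosts = {enclosing_zone(ns, delegations) for ns in nameservers}
            if zone in hosts or hosts & up:
                up.add(zone)
                changed = True
    return up
```

With `fr.` marked down, `pm.` and `re.` drop out because every one of their nameserver names sits under `.fr`, while `zz.` survives through its `.nl` nameserver.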

