[dns-operations] Dumb question: why is it that some, registries limit the nameservers that can be delegated to?

Calvin Browne calvin at orange-tree.alt.za
Fri Sep 12 07:53:12 UTC 2014

On 11/09/2014 19:03, dns-operations-request at dns-oarc.net wrote:
> Thanks for the explanation, that helps! If we step back from the
> practise, do we think it's a good thing?

I'm of the opinion that something that can be determined
algorithmically (i.e. when glue should or shouldn't be added),
should be done exactly that way.

A separate registration process prevents this and introduces
a whole bunch of other issues, such as who owns the object,
who can operate on it, what happens when it gets orphaned,
or the parent changes registrar, what happens to
dependencies on deletion etc.

And I'm also 100% with marka on this. If the server being
delegated to can't respond for the name being delegated to,
the Registry delegating thereto is just being irresponsible.
[with delegation being separate to registration imho]

but I increasingly find myself on the losing end of these
arguments when money or market entrenchment/forces
come into play.


> One the one hand, requiring that nameservers be registered creates
> downward pressure on the number of active authoritative name server
> names in the world, which has benefits for cache efficiencies (ie many
> zones delegated to the same names).
> One the other hand, it can be beneficial to give every zone unique
> name server names (in-zone vanity names, or otherwise), even if those
> names resolve to the same name-servers. That would makes it easier to
> manage single zone migrations and things like DDOS isolation. These
> days I think it might be as common to move a single zone around as it
> is to renumber a host.

More information about the dns-operations mailing list