[dns-operations] Fwd: Re: [Security] Glue or not glue?

Paul Vixie paul at redbarn.org
Tue Jun 9 16:16:16 UTC 2015



Mark E. Jeftovic wrote:
> I'd like to revisit this thread because I never got a response last time.
> ...
> Paul when you say:
>
>> if we're voting, i agree with this recommendation. (we should have named the root name servers X.ROOT-SERVERS without a delegation for .ROOT-SERVERS, so as to keep them in-zone, and we're still paying for that mistake.)
>
> ...
>
> ... are you saying this would be your preferred method for wider use?
> I.e. when Joe 6-pack regs joesixpack.six and he's going to just host a
> website and email he should have in bailiwick nameservers (even if those
> nameservers are being operated by his registrar/web host/dns provider?)
>
> In other words, are you saying every domain registered should have
> "vanity" nameservers?

no. thanks for asking, this is an important distinction. only a
delegation-mostly or delegation-only zone would benefit from in-zone
name server names. for the rest, i think we get a far greater benefit
from sharing name server names among large numbers of zones, than we
could get by including name server AAAA and A RRsets in the delegation.

-- 
Paul Vixie



More information about the dns-operations mailing list