[dns-operations] Fwd: Re: [Security] Glue or not glue?
Mark E. Jeftovic
markjr at easydns.com
Wed Jun 10 00:29:05 UTC 2015
Mark Andrews wrote:
> Additionally there are "risks" with both strategies. If you have
> vanity names then you have the risk of not updating all the glue
> records when you renumber the nameservers.
>
> The biggest issue is not having delegations checked by all parties
> involved in the delegation. Checks catch errors and the DNS has a
> high error rate with delegation being broken due to this lack of
> checking.
>
Agree, we have been diligently trying to dissuade users from using
vanity nameservers whenever we can. Alas, the fact that people can
arbitrarily create vanity nameservers pointing at IPs they don't operate
is a long standing beef.
It goes back to an old wish I've expressed in the past that there needs
to be some kind of nameserver operator protocol where ops can have some
degree of control over entities that get delegated to them (from
external registrars) or host entities using their IPs.
But I don't see it happening.
- mark
--
Mark E. Jeftovic <markjr at easydns.com>
Founder & CEO, easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225
Read my blog: http://markable.com
More information about the dns-operations
mailing list