[dns-operations] policy to prevent glue for "bogus" IP addresses

Brett Frankenberger rbf+dns-operations at panix.com
Sat Sep 12 00:06:06 UTC 2015

On Fri, Sep 11, 2015 at 10:54:53AM -0700, Paul Vixie wrote:
> hostname objects aren't the problem. "DEV" for example is not a
> registered hostname in ICANN. i know from experience that there are
> already great controls in place for hostnames referenced by TLD NS
> records. what i'm asking for here is controls for delegations of
> registered names.
> note that we already know we can't demand accurate whois, accountability
> of registrants, or timely removal of names used in network abuse or
> criminal activities. ICANN is structurally powerless toward those
> factors. that's why DNS RPZ exists (see https://dnsrpz.info/) -- we're
> placing defenses at the near end which would be far more effective and
> economical at the far end. i do NOT want to have to take the same
> approach with NS->(AAAA|A) chains that point into
> unadvertised/unreachable/local address space.

In your view, is the prohibition via ICANN requirements on registries or
registrars, of, for example,
  XYZ.COM NS ...->
worth the effort it would take, given that it would not prevent
  ABC.XYZ.COM NS ...->

     -- Brett

More information about the dns-operations mailing list