[dns-operations] The strange case of fox.com

David C Lawrence tale at akamai.com
Mon Feb 29 15:54:06 UTC 2016


Mark Andrews writes:
> Note: this should have been caught by the registry when it is
> checking the delegation as per RFC 1034.  Registries have two sets
> of customers and failing to perform the checks is doing a disservice
> to *both* sets of customers.

I don't see an expectation in 1034 that a registry will perform
continuous monitoring of delegations.  Have I overlooked a relevant
section?

When the zone in question was first established over 15 years ago I
presume that it had a working apex NS set.  It also did when its
delegation was subsequently updated to point to its current
nameservers, what looks like happened half a decade ago.  The change
to the broken apex NS RRset happened a couple of months ago (and was
detected, and was reported to the customer).

Verisign as the .com registry should have detected the change?  What
should they have done when they discovered it was broken?



More information about the dns-operations mailing list