[dns-operations] The strange case of fox.com

marius at isgate.is marius at isgate.is
Wed Mar 2 16:00:05 UTC 2016 

> Also as more and more people have domains the questions about how
> to had glue / update NS records have dropped off.  There is a lot
> of knowledge out there today.  The DNS isn't as specialised as it
> once was.  Registrars even have video tutorials for how to do this.
>
> There is a whole lot of unwarranted fear about what would happen
> if registries actually started enforcing delegation consistency.
> We have lived through the DNS going from being a niche skill to
> being a commodity product.  It is tainting our level of fear.
> 
> Yes, people will complain about registries doing this, but ultimately
> this is for the zone owners own good.  People will end up defending
> registries that do this and a new better base level of practice
> will be established.

Totally agree.

We have been enforcing delegation requirements on our registrants for
over 25 years (from the beginning of the .is registry - modelled after
.fr at the time) and have observed considerable improvement. Although 
we are a very small registry we do believe our methods would 
scale easily to larger registries.

We feel strongly that as a registry we must serve not only the
registrants (our direct customers) but also those that use 
DNS to look up these registrant's domains. 

After delegation all domains are checked once a month and with
the current setup we are checking about 1 domain per second 
(thus could scale to ~2M domains with the same setup.) If the domain
no longer satisfies the .is requirements, it is tested weekly
for eight weeks and progressively more of the domain's contacts
informed of the problem (starting with the domain's zone contact
which is assumed to be the operator of the domain's master nameserver). 
If the problem persists for over 8 weeks, the delegation is removed.

We have found that over the years, more and more of our registrants
(or their zone contacts) are grateful for the notification 
(as opposed to annoyed) and most have no problem fixing the faults 
with their authoritative NS setup or moving their DNS hosting services 
elsewhere. 

--
Marius Olafsson
ISNIC ltd.              https://www.isnic.is
Katrinartun 2
Reykjavik ICELAND       marius at isgate.is

More information about the dns-operations mailing list