[dns-operations] 答复: about NXDOMAIN under the TLD .ws
Edward Lewis
edward.lewis at icann.org
Tue Mar 22 13:25:36 UTC 2016
On 3/22/16, 6:41, "dns-operations on behalf of 张在峰"
<dns-operations-bounces at dns-oarc.net on behalf of zhangzaifeng at 360.cn>
wrote:
>I just reviewed all TLDs.
>The following TLD have wildcards record except the rdata 127.0.53.53.
>
>*.ph. 299 IN A 45.79.222.138
>*.sy. 21599 IN A 91.144.20.76
>*.ws. 299 IN A 64.70.19.202
>*.中国. 21599 IN A 218.241.116.40
>*.中國. 21599 IN A 218.241.116.40
As far as the DNS protocol is concerned, the only issue with a TLD owning
a wildcard entry is if they elect to sign with DNSSEC, use NSEC3 with
opt-out. (RFC 5155, section 12.2 covers Opt-out Considerations, but I
don't see that it specifically documents the issue. RFC 4592 on Wildcards
predates NSEC3, it doesn't mention the opt-out issue.)
Many TLDs are operated under agreements to not include a wildcard entry.
Such agreements are based on issues beyond simple protocol correctness,
such as prohibitions against including authoritative (i.e., non-glue)
address records.
Confusing registration rules and DNS protocol rules is a common error.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4604 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160322/43225a5e/attachment.bin>
More information about the dns-operations
mailing list