[dns-operations] 答复: about NXDOMAIN under the TLD .ws
edward.lewis at icann.org
Tue Mar 22 13:25:36 UTC 2016
On 3/22/16, 6:41, "dns-operations on behalf of 张在峰"
<dns-operations-bounces at dns-oarc.net on behalf of zhangzaifeng at 360.cn>
>I just reviewed all TLDs.
>The following TLD have wildcards record except the rdata 127.0.53.53.
>*.ph. 299 IN A 220.127.116.11
>*.sy. 21599 IN A 18.104.22.168
>*.ws. 299 IN A 22.214.171.124
>*.中国. 21599 IN A 126.96.36.199
>*.中國. 21599 IN A 188.8.131.52
As far as the DNS protocol is concerned, the only issue with a TLD owning
a wildcard entry is if they elect to sign with DNSSEC, use NSEC3 with
opt-out. (RFC 5155, section 12.2 covers Opt-out Considerations, but I
don't see that it specifically documents the issue. RFC 4592 on Wildcards
predates NSEC3, it doesn't mention the opt-out issue.)
Many TLDs are operated under agreements to not include a wildcard entry.
Such agreements are based on issues beyond simple protocol correctness,
such as prohibitions against including authoritative (i.e., non-glue)
Confusing registration rules and DNS protocol rules is a common error.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4604 bytes
Desc: not available
More information about the dns-operations