[dns-operations] 答复: about NXDOMAIN under the TLD .ws

Edward Lewis edward.lewis at icann.org
Tue Mar 22 13:25:36 UTC 2016

On 3/22/16, 6:41, "dns-operations on behalf of 张在峰"
<dns-operations-bounces at dns-oarc.net on behalf of zhangzaifeng at 360.cn>

>I just reviewed all TLDs.
>The following TLD have wildcards record except the rdata
>*.ph. 299 IN	A
>*.sy. 21599 IN	A
>*.ws. 299 IN	A
>*.中国. 21599 IN A
>*.中國. 21599 IN A

As far as the DNS protocol is concerned, the only issue with a TLD owning
a wildcard entry is if they elect to sign with DNSSEC, use NSEC3 with
opt-out.  (RFC 5155, section 12.2 covers Opt-out Considerations, but I
don't see that it specifically documents the issue.  RFC 4592 on Wildcards
predates NSEC3, it doesn't mention the opt-out issue.)

Many TLDs are operated under agreements to not include a wildcard entry.
Such agreements are based on issues beyond simple protocol correctness,
such as prohibitions against including authoritative (i.e., non-glue)
address records.

Confusing registration rules and DNS protocol rules is a common error.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4604 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160322/43225a5e/attachment.bin>

More information about the dns-operations mailing list