[dns-operations] TLD zones with lame servers

Anand Buddhdev anandb at ripe.net
Thu Jun 13 20:50:49 UTC 2019

On 13/06/2019 21:35, Kim Davies wrote:

Hi Kim,

> * One of the benefits of the current model is that our procedure 
>   essentially requires a requester to prove custody of the zone to effect a 
>   root zone change. i.e. we expect the new NS-set to published in the child
>   prior to the root; we expect a new DNSKEY to be published in the child
>   prior to the DS being placed in the root zone; we expect the authoritative
>   A/AAAA records for a host to be updated prior to a glue change. Allowing
>   NS-set changes to be made without a corresponding change to the child
>   zone (in order to allow third-parties to make changes) would weaken this
>   protection.

So the case of CM is interesting. The operator has removed
cm.cctld.authdns.ripe.net from the CM zone. The operator has signalled
that the RIPE NCC server shouldn't be serving the zone.

RIPE NCC is also signalling, via NXDOMAIN, that this name server really
should not be in use.

If the folk in Cameroon are unable to make a request to change
delegation, would IANA consider a request from RIPE NCC for this
delegation change, given that it is very clear from all sides, that our
name server should not be in the root zone?

Anand Buddhdev

More information about the dns-operations mailing list