[dns-operations] OpenDNS, Google, Nominet - New delegation update failure mode
Paul Vixie
paul at redbarn.org
Sat Apr 4 04:28:53 UTC 2020
On Friday, 3 April 2020 17:20:10 UTC Shumon Huque wrote:
> On Fri, Apr 3, 2020 at 11:59 AM Ralf Weber <dns at fl1ger.de> wrote:
> > Well it was you think and others (including me) disagree for valid
> > reasons.
> > There is absolutely no reason to issue queries for some validation, when
> > you already got good results.
> >
> > I see this is a workaround for people to lazy to update the delegations,
> > and put more complexity and work on resolvers.
>
> Dear Ralf,
>
> It is possible that there exist some people who want this because they
> are "too lazy" to update delegations. But I strongly suspect there are other
> reasons.
>
> ...
the economy requires faster, easier takedown of domains. when a delegation is
revoked due to bad behaviour by a registrant, it has to die _everywhere_
almost immediately. not sporadically depending on which (above vs. below) NS
RRset was cached, or on what TTL it had.
the overwhelming majority of newly created domains are used maliciously, and
die quickly after short, brutal lives. we have to make them as easy to kill as
to birth.
when i saw ralf say that there was "absolutely no reason", i recognized that
he's living in a very different world (domains are mostly good) than i am
(domains are mostly bad). we probably won't find common ground.
--
Paul
More information about the dns-operations
mailing list