[dns-operations] OpenDNS, Google, Nominet - New delegation update failure mode

Paul Vixie paul at redbarn.org
Sat Apr 4 04:28:53 UTC 2020

On Friday, 3 April 2020 17:20:10 UTC Shumon Huque wrote:
> On Fri, Apr 3, 2020 at 11:59 AM Ralf Weber <dns at fl1ger.de> wrote:
> > Well it was you think and others (including me) disagree for valid
> > reasons.
> > There is absolutely no reason to issue queries for some validation, when
> > you already got good results.
> > 
> > I see this is a workaround for people too lazy to update the delegations,
> > and put more complexity and work on resolvers.
> Dear Ralf,
> It is possible that there exist some people who want this because they
> are "too lazy" to update delegations. But I strongly suspect there are other
> reasons.
> ...

the economy requires faster, easier takedown of domains. when a delegation is 
revoked due to bad behaviour by a registrant, it has to die _everywhere_ 
almost immediately. not sporadically depending on which (above vs. below) NS 
RRset was cached, or on what TTL it had.

the overwhelming majority of newly created domains are used maliciously, and 
die quickly after short, brutal lives. we have to make them as easy to kill as 
to birth.

when i saw ralf say that there was "absolutely no reason", i recognized that 
he's living in a very different world (domains are mostly good) than i am 
(domains are mostly bad). we probably won't find common ground.


