[dns-operations] OpenDNS, Google, Nominet - New delegation update failure mode
Paul Vixie
paul at redbarn.org
Sat Apr 4 07:42:12 UTC 2020
On Saturday, 4 April 2020 06:59:30 UTC Ralf Weber wrote:
> ...
>
> I actually agree with you that most domains are bad and especially that most
> new domains are bad. But from my experience takedown on authorities takes so
> long (weeks and months) that the additional NS TTL doesn’t really matter.
that analysis compresses and loses information about outcomes. where takedown
is effective, and some registrars and some registries are good at it, we need
to ensure that their goodness isn't shaded out by NS TTL. in a world where NS
TTL doesn't matter, there is less incentive for a registrar or a registry to
invest in becoming a good actor. we must not equate babies with bathwater in our
aspirations.
> If you want to react to bad domains it has to be at the resolver level, as
> you there can react fast and have full control. I’ve been doing this now for
> over a dozen years, even before RPZ was a thing.
see above. (i won't get into who did what first.)
--
Paul