[dns-operations] OpenDNS, Google, Nominet - New delegation update failure mode

Paul Vixie paul at redbarn.org
Sat Apr 4 07:42:12 UTC 2020


On Saturday, 4 April 2020 06:59:30 UTC Ralf Weber wrote:
> ...
> 
> I actually agree with you that most domains are bad and especially that most
> new domains are bad. But from my experience takedown on authorities takes so
> long (weeks and months) that the additional NS TTL doesn’t really matter.

that analysis compresses and loses information about outcomes. where takedown 
is effective, and some registrars and some registries are good at it, we need 
to ensure that their goodness isn't shaded out by NS TTL. in a world where NS 
TTL doesn't matter, there is less incentive for a registrar or a registry to 
invest in becoming a good actor. we must not equate babies with bathwater in our 
aspirations.

> If you want to react to bad domains it has to be at the resolver level, as
> you there can react fast and have full control. I’ve been doing this now for
> over a dozen years, even before RPZ was a thing.

see above. (i won't get into who did what first.)

-- 
Paul




