[dns-operations] Verisign won't delete obsolete glue records?

Patrick Mevzek dnsoarc at ext.deepcore.org
Tue Mar 2 20:04:14 UTC 2021

On Tue, Mar 2, 2021, at 14:49, Andrew Sullivan wrote:
> (The 
> EPP rules IIRC forbid deleting example.com when ns1.example.com still 

Indeed §3.2.2 of RFC 5731 says:
   A domain object SHOULD NOT be deleted if subordinate host objects are
   associated with the domain object.  For example, if domain
   "example.com" exists and host object "ns1.example.com" also exists,
   then domain "example.com" SHOULD NOT be deleted until host
   "ns1.example.com" has either been deleted or renamed to exist in a
   different superordinate domain.  A server SHOULD notify clients that
   object relationships exist by sending a 2305 error response code when
   a <delete> command is attempted and fails due to existing object
   relationships.  Delegated and subordinate host objects associated
   with a domain object can be determined using the <info> query command
   for the domain object.

> exists, but because registries exist to rent domain names they don't 
> like to keep them around unpaid. 

Not a problem per se, as all registries are in an autorenew mode
(basically, domains are never deleted by the registry itself in the normal
course of operations),
so the domain will be renewed and hence billed.
Otherwise, the registrar needs to delete it... which he won't be able
to do as long as there are host objects using that domain name.

> So ns1.example.com often gets renamed 
> to ns1.example.com.lame-delegation.invalid or something like that,

Registrars do that, because the sponsoring registrar of example.com
is necessarily the sponsoring registrar of any host object below it,
and hence has full control over renaming them. The users of those host
objects might not even see the host name change, in fact.

BTW, handling of orphaned glue records is an explicit question in the ICANN
guidebook for the previous launch of new TLDs, and surely will be in the next
one, I guess.

> [1] There is a mode of EPP in which nameservers are properties of 
> domain objects instead of first-class objects that are associated, but 
> AFAIK anyone who thought that was a good idea gave it up.  


I do know of at least one ccTLD going from attributes to hosts indeed but 
.DE, while not using EPP but something similar, is still under the model
of hosts as attributes.

.BE .EU .AT at least are also using attributes.

  Patrick Mevzek
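
The check described above, as an added example that is not part of the original message and not code from any registry or registrar: it reads an RFC 5731 <info> response, lists the subordinate host objects that can make <delete> fail with 2305, and pairs each with a renamed target. The XML samples are constructed, the function names are hypothetical, and the parking suffix is the one quoted in the thread.

```python
import xml.etree.ElementTree as ET

NS = {"epp": "urn:ietf:params:xml:ns:epp-1.0",
      "domain": "urn:ietf:params:xml:ns:domain-1.0"}

# Constructed <info> response for example.com (sample data, not registry output).
SAMPLE_INFO = """<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><response>
  <result code="1000"><msg>Command completed successfully</msg></result>
  <resData>
    <domain:infData xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
      <domain:name>example.com</domain:name>
      <domain:ns>
        <domain:hostObj>ns1.example.com</domain:hostObj>
        <domain:hostObj>ns2.example.net</domain:hostObj>
      </domain:ns>
      <domain:host>ns1.example.com</domain:host>
      <domain:host>NS2.example.com</domain:host>
    </domain:infData>
  </resData>
</response></epp>"""

# Constructed reply to a <delete> that the server refused.
SAMPLE_DELETE = """<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><response>
  <result code="2305"><msg>Object association prohibits operation</msg></result>
</response></epp>"""


def result_code(epp_xml):
    """Return the numeric EPP result code of a response."""
    return int(ET.fromstring(epp_xml).find("epp:response/epp:result", NS).get("code"))


def subordinate_hosts(info_xml):
    """List host objects under the domain; each can block <delete> (2305)."""
    if result_code(info_xml) != 1000:
        raise ValueError("<info> did not succeed")
    inf = ET.fromstring(info_xml).find("epp:response/epp:resData/domain:infData", NS)
    name = inf.findtext("domain:name", namespaces=NS).strip().lower()
    hosts = {h.text.strip().lower() for h in inf.findall("domain:host", NS)}
    # Keep only names really below the domain, in case the server lists others.
    return sorted(h for h in hosts if h.endswith("." + name))


def rename_plan(hosts, parking_suffix="lame-delegation.invalid"):
    """Map each blocking host to a name outside the domain (suffix from the thread)."""
    return {h: f"{h}.{parking_suffix}" for h in hosts}

if __name__ == "__main__":
    print(rename_plan(subordinate_hosts(SAMPLE_INFO)))
```

The <domain:ns> entries are the domain's own delegation and are not what blocks the delete; only the <domain:host> entries are subordinate host objects. Whether a given registry accepts a rename into .invalid is registry policy and is assumed here.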
