Home page logo
/

nanog logo nanog mailing list archives

Re: TLD .ES screw up
From: Paul A Vixie <vixie () vix com>
Date: Wed, 30 Jul 1997 13:02:13 -0700

I think you're wrong. Last time we had to change .es delegation one and
a half years ago, we had to sent a normal template to hostmaster () internic net

when i first saw this problem i thought that it was due to a delegation
change, but it later turned out to have been due to a glue change.  if
it had been due to a delegation change, iana would still be your only line
of recourse since templates concerning TLD's are reviewed and processed by
the IANA before being handed back to the InterNIC (currently NSI) for
publication.  since it was due to a glue change, you're right that the
erroroneous information was not seen or approved by IANA in this instance.

But InterNIC also make changes to hosts where domains are delegated which
seem to be the cause of this problem. Someone made a wrong "host template"
request for one of the secondaries of .es (ns.eunet.es) changing its name
and IP address, which had the effect of changing the delegation of the .es
zone.

right.  i think that all hosts who are listed as nameservers for any TLD
ought to be "locked" such that IANA has to approve any changes to them, but
i don't believe the InterNIC's software has that capability at the moment.

For what I understand, InterNIC is admiting hosts templates for
domains which are not under .com .org .net, etc. (the TLDs under his
management) and placing glue records for them in the DNS. Am I right?

Yes.

If this is such, I don't think this is correct. If someone wants a
domain under .com to be delegated in a server under .es they shouldn't
place glue records for this nameserver (the same way we don't place
glue records for nameservers of .es domains delegated into .com NSs).

Glue should ideally be verified against authoritative data, and rejected if
it does not match.  A future version of BIND will support that capability.

The only glue records they should have for NSs under .es are the
ones in which the TLD .es is being delegated and those should be admited
only if included in the TLD delegation (or change of delegation) request.

I tend to agree.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]