
nanog mailing list archives

Re: AW: Odd policy question.
From: Randy Bush <randy () psg com>
Date: Sat, 14 Jan 2006 11:59:58 -1000


> As an engineer, I believe we would need a protocol that would
> permit someone to query an IP address to ask what DNS domains
> it may be an NS for.

this addresses neither the issue of longevity nor that of
whether it is authoritative for a particular domain which
is proposed to be, or has been, delegated to it.

and please note that delegation is not to an ip address, but
rather to an fqdn.  the only time the two are bound is when a
delegatee is within the zone being delegated, so the delegator
needs to insert a glue a rr.

i run a very small registry for some cctlds.  my scripts do
specifically check that all servers to which a delegation is
proposed are actually serving the zone, and will not delegate
if they are not.  i also check for 2182 compliance in a crude
manner.  i also check that the ns rrset held by the servers is
that to which delegation is requested.

i would gladly re-run the delegation checks against the zone
files periodically.  but i do not as i don't know what to do
when (not if) i find lamers.  it seems a bit drastic to just
remove delegation.  but i know from experience that email to
the pocs will get no useful response.

randy

