On Wed, May 14, 2014 at 03:07:01PM -0700, Dave Warren wrote: > I *think* the concern is that the registry might be reluctant to > modify the configuration for one zone due to a change made on > another, administratively unrelated, zone.
No, the registry doesn't modify anyone's zone configuration. Just the registry's zone. The problem is that the registry has delegated to the registrar the authority over a name space. Within that name space, the registrar changes the name of an object. This is entirely within their rights, because they own the object _by virtue of_ the delegation of the name space. This has side effects for some other name in the registry, and the answer to that is, "Too bad. You shouldn't have used a nameserver in your NS record if they weren't going to tell you they were changing its name. And if they _did_ tell you, why didn't you update it?" Let me see if I can make it clearer. Suppose we have two timelines: RegistrarA ----1------2-----4----5---6---> -------------3------------7---> RegistrarB 1. RegistrarA registers example.com. 2. Registrant of example.com stands up a name server there, and sends glue records through RegistrarA for ns.example.com. 3. RegistrarB creates example2.com with a nameserver ns.example.com. 4. Registrant of example.com doesn't pay the bill. RegistrarA doesn't want to pay for the renewal of example.com. It tries to delete the name, but can't because of an existing subordinate host (see RFC 5731 section 1.1). 5. RegstrarA tries to delete ns.example.com, but this is denied because of the link to domain object example2.com (see RFC 5732 section 3.2.2). 6. RegistrarA renames ns.example.com to ns.example.com.lamedelegations.registrara.com. By putting the "lamedelegations" label in there, they are using the only real signalling mechanism they have in the registry to point out the problem. RegistrarA can now delete example.com and not have to pay the registration fee for the year. 7. The registry generates zone changes for the registry's zone, and the NS for example2.com becomes ns.example.com.lamedelegations.registrara.com., thereby making example2.com lame. It still works because of the glue records that continue to be carried with the host name. I think it would be nice to use the Shared Registration System (that's what "SRS" stands for) to facilitate this communication, but as it happens everyone disagreed with that idea in 2003 or so. > How about when a domain under .com disappears, how would .org know > to change/remove the delegation. This happens all the time, actually. The nice thing in that case, however, is because those are "external" names, there's no glue, so the delegation starts failing as soon as caches time out. For some value of "nice". Best regards, A -- Andrew Sullivan [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
