Stephane Bortzmeyer wrote: >> A new edition of the DNS security guide by ANSSI (French cybersecurity >> agency) recommends to prefer delegations with glue because glueless >> delegations "may carry additional risks since they create a >> dependency". ... >
I tend to go with Patrik: > Without reading the report, and speaking personally, I prefer a mix of > delegations with glue and without to not have dependency of one path in the > domain name space to work for resolution to work. Only glue create for me a > single point of failure... as I think having multi-domain multi-tld redundancy among ns delegations is wise. Paul when you say: > if we're voting, i agree with this recommendation. (we should have named the > root name servers X.ROOT-SERVERS without a delegation for .ROOT-SERVERS, so > as to keep them in-zone, and we're still paying for that mistake.) > I can see your point on something like root-servers.net or .root-servers (tangentially also acknowledge whatever gets decided in these types of situations, you are stuck with those decisions for a long time, in some cases forever). But are you saying this would be your preferred method for wider use? I.e. when Joe 6-pack regs joesixpack.six and he's going to just host a website and email he should have in bailiwick nameservers (even if those nameservers are being operated by his registrar/web host/dns provider?) In other words, are you saying every domain registered should have "vanity" nameservers? - mark -- Mark E. Jeftovic <[email protected]> Founder & CEO, easyDNS Technologies Inc. +1-(416)-535-8672 ext 225 Read my blog: http://markable.com _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
