In message <[email protected]>, "Mark E. Jeftovic" writes: > > > Mark Andrews wrote: > > > Additionally there are "risks" with both strategies. If you have > > vanity names then you have the risk of not updating all the glue > > records when you renumber the nameservers. > > > > The biggest issue is not having delegations checked by all parties > > involved in the delegation. Checks catch errors and the DNS has a > > high error rate with delegation being broken due to this lack of > > checking. > > > > Agree, we have been diligently trying to dissuade users from using > vanity nameservers whenever we can. Alas, the fact that people can > arbitrarily create vanity nameservers pointing at IPs they don't operate > is a long standing beef. > > It goes back to an old wish I've expressed in the past that there needs > to be some kind of nameserver operator protocol where ops can have some > degree of control over entities that get delegated to them (from > external registrars) or host entities using their IPs.
It exists "dig SOA zone @server" and if you get back a SOA record for the zone with the "aa" bit set then you are good to go. This check is supposed to be made BEFORE the delegation is completed. Unfortunately people complain when a delegation is not completed in 0.0001ms after hitting submit so all checking just skipped. If you want this to change behavior sue the registry and registrar for not doing "due dilegence" before adding the NS record because they are not going to pay attention any other way it seems. Contracts can't save them as you, as a nameserver operator, are not party to the the contract between the registry / registrar or registrar / registrant. One or two successful suites will change this behaviour. > But I don't see it happening. > > - mark > > -- > Mark E. Jeftovic <[email protected]> > Founder & CEO, easyDNS Technologies Inc. > +1-(416)-535-8672 ext 225 > Read my blog: http://markable.com > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
