Mark Andrews wrote:
Message: 7 Date: Wed, 10 Jun 2015 11:09:45 +1000 From: Mark Andrews
<[email protected]> To: "Mark E. Jeftovic" <[email protected]> Cc:
[email protected] Subject: Re: [dns-operations] Fwd: Re:
[Security] Glue or not glue? Message-ID:
<[email protected]> <SNIP>
It exists "dig SOA zone @server" and if you get back a SOA record
for the zone with the "aa" bit set then you are good to go. This
check is supposed to be made BEFORE the delegation is completed.
Unfortunately people complain when a delegation is not completed
in 0.0001ms after hitting submit so all checking just skipped.
In co.za we do this before delegating to NS's. The registration proceeds
irrespective.
On EPP, we queue the checks, the legacy email interface it just gets
rejected.
Do we get it in the neck:
"Don't tell us how to run our NS's"
"Our system doesn't work that way"
"We can't provision our NS's so fast"
"Our hosting provider won't put stuff in their NS's until it's in the
Registry"
"No one else does this"
and others.....
If you want this to change behavior sue the registry and registrar
for not doing "due dilegence" before adding the NS record because
they are not going to pay attention any other way it seems. Contracts
can't save them as you, as a nameserver operator, are not party to
the the contract between the registry / registrar or registrar /
registrant.
One or two successful suites will change this behaviour.
+1
--Calvin
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
