Moin!
On 4 Apr 2020, at 6:28, Paul Vixie wrote:
> the economy requires faster, easier takedown of domains. when a delegation is
> revoked due to bad behaviour by a registrant, it has to die _everywhere_
> almost immediately. not sporadically depending on which (above vs. below) NS
> RRset was cached, or on what TTL it had.
>
> the overwhelming majority of newly created domains are used maliciously, and
> die quickly after short, brutal lives. we have to make them as easy to kill as
> to birth.
>
> when i saw ralf say that there was "absolutely no reason", i recognized that
> he's living in a very different world (domains are mostly good) than i am
> (domains are mostly bad). we probably won't find common ground.

I actually agree with you that most domains are bad and especially that most
new domains are bad. But from my experience takedown on authorities takes so
long (weeks and months) that the additional NS TTL doesn't really matter.

If you want to react to bad domains it has to be at the resolver level, as
there you can react fast and have full control. I've been doing this now for
over a dozen years, even before RPZ was a thing.

So long
-Ralf
--
Ralf Weber