Op 7 nov. 2015, om 16:17 heeft Ralf Weber <[email protected]> het volgende geschreven:
> Cool. Thanks for the link, and thanks to SIDN for doing this. Seems to be > effective, though the number doesn't seem to go to 0. If I understand it > correctly (or google translated it correct) there is no sanction for the > registrar only information that something is not working. The numbers don’t go down to 0 because there are also deliberately bad DNSSEC domains for testing and research purposes. The registrars that do DNSSEC have another incentive to get this right. If resolver operators of ISP’s don’t validate because of too many errors, the effort of registrars supporting DNSSEC in the first place will be in vain. A sanction for regular DNS errors is that domains that repeatedly fail the technical checks can be deleted (by the registrar or registry) without the registrant’s consent according to the legal rules. This was used quite often by registrars whose customers didn’t pay their bill on time. (simply stop serving DNS and that would give right to delete the registration). But that’s not the point. The point is that we need consensus on criteria for what is good and what is bad DNS(SEC). I agree with you that there is no incentive for parked domains to get DNS right. In fact, some registries like .nl allow registration without delegation, which is perfectly fine for those domains. It keeps the trash out the DNS. But we need consensus on what good and bad DNS operation is so registrants have a choice. For a domain that I don’t use, or only sometimes, some are perfectly happy with a dns-operator that charges $1,- a year but has a "DNS goodness” score of only 10%. For a domain that is my principal business, I need a dns-operator (and a registrar, and registry, and ICANN!) that has a score of at least 99.999% compliance, even if it costs me $100,- a year. The question is: What is is compliant, and how can we test that against a set of known errors so we can give them a score that has the consensus of us DNS experts. And as Mark mentioned, many errors mean operational cost one way or another, not only for the name servers of the zone itself, but also for it’s parents and resolvers of ISP’s. Parent and child dns-operators can make their own choice in business model in which they trade operational cost against profit and trust, but we need an independent set of criteria for those TLD's and dns-operators that want the reputation to be at the "good DNS” side of that business model. And for that to be possible, we need ICANN and so everyone below the root to be that good. We cannot let the weakest link determine the maximum quality of the DNS. Perhaps a personal question to you: What score would you like the .de domain (not zone!) to have? And why? What would you do if they only scored 40% ? - -- Antoin Verschuren Tweevoren 6, 5672 SB Nuenen, NL M: +31 6 37682392
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
