>> As to the advice to TLD operators to un-delegate broken servers, good
>> luck with that. For ICANN contracted TLDs it'd require a change to
>> the RAA which is unlikely to happen, and for everyone else, the
>> registrant is likely to say "it works fine for me", which it probably
>> does for simple A and MX queries. I'm not sure what to say instead,
>> but it seems unwise to instruct people to do something you know they
>> won't do.

> Parent zone administrators are already instructed to do just that
> as the last step in attempting to remediate problems caused by broken
> / misconfigured servers. This does happen for sites spewing spam.

Advice to zone administrators, I suppose, but TLD operators all either
have contracts with ICANN, or are ccTLDs with some responsibility to the
country-like-thing. Having looked in some detail at gTLD contracts, there
is nothing there that would let a TLD undelegate a partially working name
server.

>> Section 5: in the last sentence, I don't understand whether it means
>> that none of them are attack vectors, or that some are and some aren't.

> What other word than "All" would you have me use in "All of these
> are not attack vectors" ?

"None of these are attack vectors", or "Only some of these can be attack
vectors."

R's,
John
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop