In message <[email protected]>, "John R Levine" write s: > >> As to the advice to TLD operators to un-delegate broken servers, good > >> luck with that. For ICANN contracted TLDs it'd require a change to > >> the RAA which is unlikely to happen, and for everyone else, the > >> registrant is likely to say "it works fine for me", which it probably > >> does for simple A and MX queries. I'm not sure what to say instead, > >> but it seems unwise to instruct people to do something you know they > >> won't do. > > > > Parent zone administrators are already instructed to do just that > > as the last step in attempting to remediate problems cause by broken > > / misconfigured servers. This does happen for sites spewing spam. > > Advice to zone administrators, I suppose, but TLD operators all either > have contracts with ICANN, or are ccTLDs with some responsibility to the > country-like-thing. Having looked in some detail at gTLD contracts, there > is nothing there that would let a TLD undelegate a partially working name > server.
Yet, that is community expectation as express in RFC 1033. COMPLAINTS These are the suggested steps you should take if you are having problems that you believe are caused by someone else's name server: 1. Complain privately to the responsible person for the domain. You can find their mailing address in the SOA record for the domain. 2. Complain publicly to the responsible person for the domain. 3. Ask the NIC for the administrative person responsible for the domain. Complain. You can also find domain contacts on the NIC in the file NETINFO:DOMAIN-CONTACTS.TXT 4. Complain to the parent domain authorities. 5. Ask the parent authorities to excommunicate the domain. Zones have been excommunicated for various reasons in the past without words in formal contracts saying that they are required to do so. Best current practice does result in zones being removed for various reasons after due process. It is the measure of last resort. > >> Section 5: in the last sentence, I don't understand whether it means > >> that none of them are attack vectors, or that some are and some aren't. > > > > What other word than "All" would you have me use in "All of these > > are not attack vectors" ? > > "None of these are attack vectors", or "Only some of these can be attack > vectors." > > R's, > John -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
