> On 4 May 2018, at 9:28 am, David Huberman <david.huber...@icann.org> wrote: > >>> On May 3, 2018, at 3:27 PM, David Huberman <david.huber...@icann.org> wrote: >>> In practical terms, when any type of registry strips away a lame delegation >>> attached to a real, operating network with users behind it, and things break >>> as a result… > > Woody replied: >> But isn’t that, by definition, impossible? What could break as a result of >> a _lame_ delegation >> being removed? > > Mark provided you with a forward DNS example. Here’s a _common_ reverse DNS > example: > > You are the registrant of 192.168.0.0/17. > You setup a single SOA record for 168.192.in-addr.arpa instead of properly > defining 128 records > for each /24 reverse zone. > > PTR queries to the NSes will work (for the /17). > > But you’ll fail the lameness checking at an RIR because the RIR checks all > zones in the > SOA record, and assumes that if you assert 168.192.in-addr.arpa, that you > really meant > to claim authority over the /16.
You see the same with forward zones with domain parking. They set up a .com (or root) zone for all the *.com zones parked on the server and break all negative responses as a consequence. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop