> On 5 May 2023, at 03:01, Warren Kumari <war...@kumari.net> wrote: > > > > > > On Thu, May 04, 2023 at 5:07 AM, Mark Delany <m...@india.emu.st> wrote: > On 03May23, Edward Lewis apparently wrote: > Was any "lame" situation defined which wasn't the result of a bad > configuration? > The difference between observing a symptom and diagnosing a cause is great. I > say this to caution against tying the "why it is" with > "what it is." > This is a good point. > I confess my perspective is that of the DNS admin/serving side focussed on > "why it is" whereas lameness is most often observed as a "what it is" from > the resolution/client-side perspective. To use your useful terms. > I have one last question. Regardless of whether we agree precisely on what > "lame" means, what is the call to action when a zone or its name servers are > declared lame? > > There doesn't need to be a call to action — I can say "my car squeals when > going round a corner" - "squeals" is a way to describe the noise, and it's > just an observation, just like "a-random-test-domain.net is a lame > delegation". I own both "a-random-test-domain.net" and "my car" - unless the > squealing / lameness impacts you, I don't think that there (or needs to be) > is a call to action on either. > > And how is that different from any other form of miscreant auth behaviour > such as inconsistency? > > Well, for one thing, it's not always "miscreant auth behavior" (by which I'm > assuming you mean misbehavior by the auth server / auth server operator). > > As an example, it's quite common for people to register a domain and point > the DNS at some nameservers which they don't control, and have no > relationship with. This is not "miscreant auth behaviour" by the auth > operator - they were not involved, and also have no realistic way to deal > with the issue. > > If we did want to have a call to action" we could publish something saying > that pointing a domain at a name server that isn't "yours" is uncool, but I > don't really know how effective this would be…
Pointing a NS record at a nameserver that doesn’t serve the zone with the intention of causing DoS traffic at it is a criminal act in most jurisdictions (intentional financial harm or some such). Aiding and a abetting a criminal act is also a criminal act. Not having a process to remove NS records pointing at servers that don’t serve the zone could be seen as aiding and abetting. This is not to say that all cases of NS records that point at servers that don’t serve a zone are criminal acts but just treating it as “uncool” is uncool. > W > > > > I mean if "lame" is a precious historical term that warrants considered > clarification, surely it has a very specific value that we can all act on, > right? So what is that very specific value? > Mark. > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
