On Wed, May 10, 2023, at 11:57, Hollenbeck, Scott wrote:

> RFC 5731 contains text that has led some domain name registrars to
> adopt an operational practice of re-naming name server host objects so
> that they can delete domain objects.

There aren't any other real working methods unfortunately :-( Except in cases of registries fine with letting the host delete go through even if it is still linked to other domain objects.

> There's a risk in renaming the host object, though. If the host is
> renamed using a domain that isn't currently registered, such as
> ns1.randomfoo.example, it becomes possible for someone to gain DNS
> resolution control of ns1.randomfoo.example by registering
> randomfoo.example and creating ns1.randomfoo.example.

If you stay in the same registry, the registrar can just register once and for all a "dummy" name like `this-is-really-junkyard.example` and then rename all hosts below that name. As it keeps the registration of the base name, no bad things can happen. With some cost, yes, the cost of one domain only, no matter how many nameservers are renamed there.

I think the problem is really in the thinking of "let us just use some random non-existing name and hope it will work", which created problems as well at the TLD level when people decided to just arbitrarily use `.dev` locally.

Also, anyway, some registries might check that the name resolves at least and hence won't allow non-existing domains.

There is also the idea of using names below `in-addr.arpa` or other valid suffixes where obviously no registration happens. Some very widely known names do also provide wildcard behavior to make any name suddenly resolve even if there is really no nameserver there, and the base name will never go out of existence.

> Is this a topic we should address?

Do we want to address the generic problem of how to break associations (discussed since EPP existed or even before, but as yet no solutions besides renaming or the registry forcibly breaking the link), or just address what the RFC says to help people do things differently/with more caution? I think the second case can be done, but not really the first.

And even so, it is maybe out of IETF scope as it is more an operational matter than really a problem in the protocol itself.

--
Patrick Mevzek
[email protected]

_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
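The two safe rename targets discussed above (a base name the registrar keeps registered, or a suffix such as `in-addr.arpa` where no registration happens) can be turned into a pre-rename policy check. This is an added example, not code from the thread or from any registrar; the registrar-held domain set, the suffix set and the function names are assumptions, and a live resolution or RDAP check of the parent name is left out.

```python
# Added example (not from the thread): classify a proposed EPP host-object
# rename target before sending the <update>, so a host is never parked under
# a parent name that a third party could register later.

# Constructed policy data (assumptions for this example):
# domains this registrar holds and will keep renewing ...
REGISTRAR_HELD_DOMAINS = {"this-is-really-junkyard.example"}
# ... and suffixes under which no ordinary registration can occur.
NO_REGISTRATION_SUFFIXES = {"in-addr.arpa"}


def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def _is_below(name, base):
    """True if name is a strict subdomain of base (label-wise suffix match)."""
    n, b = _labels(name), _labels(base)
    return len(n) > len(b) and n[-len(b):] == b


def classify_rename_target(new_host):
    """Return 'safe', 'unsafe' or 'invalid' for a proposed host name.

    'safe'    parent stays under a name nobody else can come to control
    'unsafe'  parent is an arbitrary name that could be registered by others
    'invalid' not a usable host name (single label or empty label)
    """
    labels = _labels(new_host)
    if len(labels) < 2 or any(label == "" for label in labels):
        return "invalid"
    if any(_is_below(new_host, d) for d in REGISTRAR_HELD_DOMAINS):
        return "safe"  # registrar keeps the base name registered
    if any(_is_below(new_host, s) for s in NO_REGISTRATION_SUFFIXES):
        return "safe"  # no one can register the parent at all
    return "unsafe"  # e.g. ns1.randomfoo.example: parent is up for grabs


def filter_rename_batch(hosts):
    """Return {host: verdict} for a batch of proposed rename targets."""
    return {h: classify_rename_target(h) for h in hosts}
```

Only targets classified `safe` should be submitted; an `unsafe` verdict is exactly the `ns1.randomfoo.example` situation described in the quoted text.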
