Re: [DNSOP] Asking TLD's to perform checks.

Jelte Jansen <> Thu, 12 November 2015 14:13 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 013D11ACD45 for <>; Thu, 12 Nov 2015 06:13:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.084
X-Spam-Status: No, score=0.084 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JG9n7j7xvNn3 for <>; Thu, 12 Nov 2015 06:13:30 -0800 (PST)
Received: from ( [IPv6:2a00:d78:0:147:94:198:152:69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EE4C61ACD52 for <>; Thu, 12 Nov 2015 06:13:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt;; s=sidn-nl; c=relaxed/relaxed; h=subject:to:references:from:x-enigmail-draft-status:message-id:date:user-agent:mime-version:in-reply-to:content-type:content-transfer-encoding:x-originating-ip:x-clientproxiedby; bh=HSpf8kB3palISmwfVwz03FYDoU0zZvbME5iQg4yCcQ0=; b=pdeJLAgfiQZWzsccvMgAI59zEYCr/yHRTh4udCu4i318Fce8a9eCZuPCKlZlEuirmtucwjatYEZCixdPClH06RKcXihZvnPH4bRpHTLdvNjpBjgSYMvivwDpYQfPfe+4LDzdVXq2UxXUUWXSi3pGsCwz1n2ooWmx+7rumkDg3nbdo31IcZT5vNJI0Lq0ZmqxLmpO5H4HHTwiGlABOWU1FNo4M3ZR6Crw6R5f+HjcayEK8P6W0TOcvceGynl+FEQ9HcP03D3bxTU4budhMPFVj9NP7xqBZeJ5ERagDIefLAwrky4KRnyxLo/V/ONfInZYWoi1W/V+OpA9OvRQhR4+7w==
Received: from ka-mbx01.SIDN.local ([]) by with ESMTP id tACEDA2W012768-tACEDA2Y012768 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=CAFAIL); Thu, 12 Nov 2015 15:13:10 +0100
Received: from ( by ka-mbx01.SIDN.local ( with Microsoft SMTP Server (TLS) id 15.0.1076.9; Thu, 12 Nov 2015 15:13:14 +0100
To: Tim Wicinski <>,
References: <> <> <> <> <>
From: Jelte Jansen <>
X-Enigmail-Draft-Status: N1110
Message-ID: <>
Date: Thu, 12 Nov 2015 15:13:09 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
X-Originating-IP: []
X-ClientProxiedBy: ka-hubcasn01.SIDN.local ( To ka-mbx01.SIDN.local (
Archived-At: <>
Subject: Re: [DNSOP] Asking TLD's to perform checks.
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 12 Nov 2015 14:13:32 -0000

On 11/12/2015 01:30 AM, Tim Wicinski wrote:
> (as chair)
> I was the one who told Mark I liked the document but we needed to do
> less badgering of TLDs (my words, not his) and more on giving them
> advice on the best practices.


I'd like to add that they may be badgered just as hard from the other
side not to do too much in this regard; i.e. registrars telling them
"Don't tell me how to do my work, even if you think it's wrong". Sure,
BCPs may help, but we stopped doing pre-delegation checks for a reason.

As Antoin and others have already mentioned, we still do checks, and we
inform on a number (but not all) of them. One thing we found (at least
that has been my conclusion) is that 'they are doing it better' works
*much* better than 'you are doing it wrong'.

Removing delegations because of a lame delegation is highly likely to be
out of the question.