Re: [DNSOP] Asking TLD's to perform checks.

Havard Eidnes <he@uninett.no> Wed, 11 November 2015 10:17 UTC

Date: Wed, 11 Nov 2015 11:17:35 +0100
Message-Id: <20151111.111735.41519120.he@uninett.no>
To: paf@frobbit.se
From: Havard Eidnes <he@uninett.no>
In-Reply-To: <314D2303-5654-4BA3-A190-F658DAF60E31@frobbit.se>
References: <5373DDAB-1ED2-489B-AB62-BA7CF6D3DB48@frobbit.se> <20151111064744.GW18315@mournblade.imrryr.org> <314D2303-5654-4BA3-A190-F658DAF60E31@frobbit.se>
Mime-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/ABYXAIp7QdySdlIrqsi_pDVdRaI>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Asking TLD's to perform checks.
Precedence: list

>> It may not be possible for everyone to agree on a comprehensive
>> set of 'wrongs' with no omissions, but it should be possible to
>> get consensus on a core set of 'wrongs' that are not controversial.
> 
> Yes and no. I think going for a minimum will be a good goal,
> but for example to have lame delegations must by definition be
> allowed, as some registration policies do require delegation
> (i.e. NS records). So people add NS records in parent zone, but
> nothing responds there.

I think I don't understand the scenario you're sketching up here.
Furthermore, I don't think I understand why you argue that such a
setup must be acceptable.

Does the scenario look like this?

* Client asks to registrar to set up frobbit.se
* Registrar is lazy and doesn't want to set up a separate zone, so
  instead sets up his own fake .se zone where he puts the data for
  frobbit.se, including delegating NS records which points
  towards the servers serving the fake .SE zone.
* Registrar contacts the registry to have frobbit.se registered
  as a delegation

I've heard anectdotal evidence about folks doing that, and being
denied doing so by registry checks because the SOA record comes
out wrong.

But this doesn't create a lame delegation (does it?) so I don't
think I understand what you're saying.

A zone registered with delegation records, but where none of the
name servers respond to queries for the zone does noone any good,
so why must it be acceptable?  Maybe my imagination can't fathom
the reasons why people insist on creating lame delegations.

> Until policy allows registration without delegation, you will
> see lame delegations.

Again, please explain.

Maybe I'm spoiled by our local CC registry insisting on certain
technical checks passing before registration can be allowed to
proceed.  I'm not saying we're without lame delegations, though,
but I think they occur for other reasons (post-registration
changes, badly-managed transisions).

Regards,

- Håvard

Re: [DNSOP] Asking TLD's to perform checks. Jim Reid
Re: [DNSOP] Asking TLD's to perform checks. Paul Hoffman
[DNSOP] Asking TLD's to perform checks. Mark Andrews
Re: [DNSOP] Asking TLD's to perform checks. Ralf Weber
Re: [DNSOP] Asking TLD's to perform checks. marius
Re: [DNSOP] Asking TLD's to perform checks. Antoin Verschuren
Re: [DNSOP] Asking TLD's to perform checks. Mark Andrews
Re: [DNSOP] Asking TLD's to perform checks. Ralf Weber
Re: [DNSOP] Asking TLD's to perform checks. Ralf Weber
Re: [DNSOP] Asking TLD's to perform checks. Antoin Verschuren
Re: [DNSOP] Asking TLD's to perform checks. Viktor Dukhovni
Re: [DNSOP] Asking TLD's to perform checks. Mark Andrews
Re: [DNSOP] Asking TLD's to perform checks. Ralf Weber
Re: [DNSOP] Asking TLD's to perform checks. Ralf Weber
Re: [DNSOP] Asking TLD's to perform checks. Daniel Stirnimann
Re: [DNSOP] Asking TLD's to perform checks. Shane Kerr
Re: [DNSOP] Asking TLD's to perform checks. Mark Andrews
Re: [DNSOP] Asking TLD's to perform checks. Viktor Dukhovni
Re: [DNSOP] Asking TLD's to perform checks. Patrik Fältström
Re: [DNSOP] Asking TLD's to perform checks. Mark Andrews
Re: [DNSOP] Asking TLD's to perform checks. Viktor Dukhovni
Re: [DNSOP] Asking TLD's to perform checks. Patrik Fältström
Re: [DNSOP] Asking TLD's to perform checks. Dr Eberhard W Lisse
Re: [DNSOP] [ccnso-techwg] Re: Asking TLD's to pe… Patrik Fältström
Re: [DNSOP] Asking TLD's to perform checks. Mark Andrews
Re: [DNSOP] Asking TLD's to perform checks. Viktor Dukhovni
Re: [DNSOP] Asking TLD's to perform checks. Dr Eberhard W Lisse
Re: [DNSOP] Asking TLD's to perform checks. Paul Vixie
Re: [DNSOP] Asking TLD's to perform checks. Patrik Fältström
Re: [DNSOP] Asking TLD's to perform checks. Havard Eidnes
Re: [DNSOP] Asking TLD's to perform checks. Patrik Fältström
Re: [DNSOP] Asking TLD's to perform checks. Tony Finch
Re: [DNSOP] Asking TLD's to perform checks. Stephane Bortzmeyer
Re: [DNSOP] Asking TLD's to perform checks. Havard Eidnes
Re: [DNSOP] Asking TLD's to perform checks. Stephane Bortzmeyer
Re: [DNSOP] Asking TLD's to perform checks. Mark Andrews
Re: [DNSOP] Asking TLD's to perform checks. Patrik Fältström
Re: [DNSOP] Asking TLD's to perform checks. Lawrence Conroy
Re: [DNSOP] Asking TLD's to perform checks. Viktor Dukhovni
Re: [DNSOP] Asking TLDs to perform checks. Joe Abley
Re: [DNSOP] Asking TLD's to perform checks. Frederico A C Neves
Re: [DNSOP] Asking TLD's to perform checks. Tim Wicinski
Re: [DNSOP] Asking TLD's to perform checks. Dr Eberhard W Lisse
Re: [DNSOP] Asking TLD's to perform checks. Jelte Jansen