Re: [DNSOP] Asking TLD's to perform checks.

"Ralf Weber" <> Sat, 07 November 2015 16:11 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 886211A9097 for <>; Sat, 7 Nov 2015 08:11:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id KTj41UVDp882 for <>; Sat, 7 Nov 2015 08:10:58 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 1E1B81A9091 for <>; Sat, 7 Nov 2015 08:10:58 -0800 (PST)
Received: by (Postfix, from userid 107) id 105905F40656; Sat, 7 Nov 2015 17:10:55 +0100 (CET)
Received: from [] ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 9C4D85F403C3; Sat, 7 Nov 2015 17:10:54 +0100 (CET)
From: Ralf Weber <>
To: Mark Andrews <>
Date: Sat, 07 Nov 2015 17:10:52 +0100
Message-ID: <>
In-Reply-To: <>
References: <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.3r5164)
Archived-At: <>
Subject: Re: [DNSOP] Asking TLD's to perform checks.
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 07 Nov 2015 16:11:00 -0000


On 6 Nov 2015, at 21:17, Mark Andrews wrote:

> In message <>, "Ralf 
> Weber" write
> s:
>> Really TLDs doing repeated checks? I know some do when you
>> register domains, but repeatedly? Examples?
> Yes.  Daily checks of all delegated server.  I don't believe they are
> currently reporting the discovered faults.
Cool, but unless they inform someone it won't help improve anything.
Others do and it's good to see some people on the authoritative side
doing something about it. IMHO it's still a drop in the ocean.

>> <cynic mode=on>
>> So you are telling TLD to spend money for checks that will decrease
>> there revenue. TLDs make money by registering domains. The don't make
>> money by running DNS, that is cost.
>> </cynic mode>
> If they don't run the DNS they don't get to take in the money.
Ever heard of negative registration or the .sucks domain....

[lots of DNS operational failure modes deleted]
> The operational problems that result from these behaviours should be
> obvious to everyone on this list.
> There are lots of other incorrect responses that cause operational
> problems.
I agree with you on both points, but that doesn't help to get these
wrong behaviours fixed. After working decades on operating recursive
servers I have lost hope that we will get these behaviours fixed.

Whenever such a thing occurs no customer gave a damn about the wrong
configuration of the authority, they all wanted the domain to resolve.
That is the reason why advancing new technologies in the DNS is so
difficult (impossible ;-).

Honestly I'd rather direct my energy to helping the end user with
DNS than fixing all the DNS misconfigurations on the internet, but
maybe this is because I'm getting old and have chased windmills
long enough ;-).

So long