Re: [DNSOP] Asking TLD's to perform checks.

[Shane Kerr <shane@time-travellers.org>]

Mark,

On Fri, 06 Nov 2015 10:54:02 +1100
Mark Andrews <marka@isc.org> wrote:

> 	I keep getting told the IETF can't tell people what to do
> 	but that is *exactly* what we do do when we issue a BCP.
> 	We tell people what best current practice is and ask them
> 	to follow it.
> 
> 	Today we have TLDs that do perform all sorts of checks on
> 	servers they delegate zones to and some do inform the
> 	operators of those zones that they have errors.  Those
> 	checks cover in part tests described in
> 	draft-andrews-dns-no-response-issue.
> 
> 	So do we adopt this or do we continue to lie to ourselves
> 	about what BCP actually do?

My guess is that part of the resistance is because you are going to be
asking people to spend money on something that does not provide them or
their customers any (direct) benefits. Further, it breaks the
registry-registrar model in some cases, where registries are kept away
from registrants by a 1.6 km-high wall.

My prediction about the eventual outcome is that you would end up with a
document that works as well as BCP 38; meaning that it is nice to have
for people that want some recommendations about what to check (and
can't be bothered to look at other registries' online documentation, or
contact registries directly and ask what they do).

If your true goal is to get ICANN to act as the some sort of enforcer
for DNS operational purity, then please do so via ICANN channels rather
than the IETF. ;)

To be clear, I am not opposed to a document which lists various checks
a parent zone may want to do, and the costs & benefits of each, as long
as it doesn't end up with you screaming at the microphone because TLD
.XX doesn't implement the recommendations. :)

Cheers,

--
Shane