Re: [DNSOP] Delegation acceptance checks

Havard Eidnes <> Fri, 05 May 2023 17:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D9877C152D8E for <>; Fri, 5 May 2023 10:02:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id c6vAGj6fLB8Y for <>; Fri, 5 May 2023 10:02:02 -0700 (PDT)
Received: from ( [IPv6:2001:700:1:0:eeb1:d7ff:fe59:fbaa]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id EE286C152D8A for <>; Fri, 5 May 2023 10:02:00 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id AF25143ECED; Fri, 5 May 2023 19:01:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=he201803; t=1683306117; bh=T+PlBDKyE7UqHaeeQ9Dj2Mcfts+RPA7UqUN7G3v/9TI=; h=Date:To:Cc:Subject:From:In-Reply-To:References:From; b=kfo036uL9vWp0wmslfTHdC+33LRnj2feLycfcGItePKxVJoHxYrQ6L0FVTyvXRxG+ 5BkB51SlZ1XcXYsJgPdcyDBYVymhGW6LXO6syiw+BogO8azNX3Uo3AasNprD/v8jZy Nm8U5xYlYXXd/X2XMhYUqSe7wwWQoDaVadQhHpYc=
Date: Fri, 05 May 2023 19:01:57 +0200
Message-Id: <>
From: Havard Eidnes <>
In-Reply-To: <>
References: <> <> <>
X-Mailer: Mew version 6.9 on Emacs 26.3
Mime-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [DNSOP] Delegation acceptance checks
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 05 May 2023 17:02:06 -0000

>> I imagine that others also spend time on sorting out these entirely
>> unnecessary issues. If guidance were developed on delegation acceptance
>> checks,
> Well, yes... but where?

ccNSO, perhaps?

My advice would be to only enforce checks where violations would
negatively impact operations (e.g. disallow lame delegation setups),
and not enforce pure "dotting the i's and crossing the t's"
requirements where doing so contributes minimal to no improvement

> To me it feels like the IETF would be the right place to discuss and
> develop the guidance (personally I think that a parent should check if the
> name servers that are being proposed actually answer for the domain[0], and
> strongly suggest (but do not prevent) that that be fixed[1].
> [0]: Some, including myself, would call this lame, but...


I personally think that if a ccTLD insists on non-lame delegations at
the time of registration or update, I would not object.

> [1]: As an example, I have pointing to
> nameservers which have no idea about this domain - and I did that
> intentionally...

There's of course always the option of doing your own dirty work in a
child zone of your own properly delegated and operational domain.


- Håvard