nanog mailing list archives
Re: Verisign Responds
From: Jack Bates <jbates () brightok net>
Date: Tue, 23 Sep 2003 14:48:38 -0500
Dan Hollis wrote:
On Tue, 23 Sep 2003 bmanning () karoshi com wrote:On Mon, 22 Sep 2003, Dave Stewart wrote:Courts are likely to support the position that Verisign has control of .net and .com and can do pretty much anything they want with it.ISC has made root-delegation-only the default behaviour in the new bind, how about drafting up an RFC making it an absolute default requirement for all DNS?That would be making a fundamental change to the DNS to make wildcards illegal anywhere. Is that what you want?no it wouldnt. it would ust make wildcards illegal in top level domains, not subdomains.
Actually, it's worst than that. root-delegation-only does not just change the wildcard behavior. RRs which are in the tld itself instead of being delegated (like some of the ccTLDs) break if forced into root-delegation-only. This is one of the points in the IAB opinion concerning remedies causing other problems.
The issue itself is political, but it does have technical ramifications. It's still to be seen if ISC's cure is worse than the disease; as instead of detecting and stoping wildcard sets, it looks for delegation. It is also configurable to a degree that inexperienced operators will break their DNS implementations out of ignorance (like ignoring the ISC recomendation and root-delegating .de).
One should consider sponsored TLDs like .museum the exception. If you have filtering rules (like smtp) that are bypassed as a result of the wildcard, then those rules themselves should be changed. The sponsored TLDs and even a lot of the ccTLDs have a rather small subdomain base, allowing for unified agreement on changes made to the zone. The legacy TLD's should be rather static to ensure stability in DNS architecture overall. The subdomain base is massive, making communication and agreement on changes difficult. If I'm not mistaken, this is one of the duties of ICANN.
-Jack
Current thread:
- Re: Verisign Responds, (continued)
- Re: Verisign Responds Måns Nilsson (Sep 24)
- Re: Verisign Responds Stephen J. Wilcox (Sep 23)
- Re: Verisign Responds Andy Walden (Sep 23)
- Re: Verisign Responds Kee Hinckley (Sep 23)
- Re: Verisign Responds Dave Crocker (Sep 25)
- Re: Verisign Responds Randy Bush (Sep 23)
- Re: Verisign Responds Eliot Lear (Sep 23)
- Re: Verisign Responds Dave Crocker (Sep 23)
- Re: Verisign Responds Jim Segrave (Sep 24)
- Re: Verisign Responds Eliot Lear (Sep 24)
- Re: Verisign Responds Jack Bates (Sep 23)
- Re: Verisign Responds Paul Vixie (Sep 23)
- Re: Verisign Responds Jack Bates (Sep 24)
- Re: Verisign Responds Paul Vixie (Sep 24)
- Re: Verisign Responds Jack Bates (Sep 24)
- Re: Verisign Responds Paul Vixie (Sep 24)
- Re: Verisign Responds Jack Bates (Sep 24)
- Re: Verisign Responds Wayne E. Bouchard (Sep 24)