Sven-Haegar Koch: Re: Root Server Operators (Re: What *are* they smoking?)

[Paul Vixie <paul () vix com>]

forwarding as requested.

> --- Begin Message ---
>
>
> From: Sven-Haegar Koch <haegar () sdinet de>
>
> Date: Thu, 18 Sep 2003 12:05:59 +0200 (CEST)
>
> On Thu, 18 Sep 2003, Paul Vixie wrote:
>
> *can't post to nanog, feel free to forward it*
>
> > actually, i had it convincingly argued to me today that wildcards in root
> > or top level domains were likely to be security problems, and that domains
> > like .museum were the exception rather than the rule, and that bind's
> > configuration should permit a knob like "don't accept anything but delegations
> > unless it's .museum or a non-root non-tld".  i guess the ietf has a lot to
> > think about now.
>
> "don't accept anything but delegations unless it's .museum or a non-root
> non-tld" - you need to include for example .de in there too.
>
> They don't have wildcard-records, but lots of domains (mostly from the
> biggest website-sellers) don't use own nameservers, but include all
> information (mx, a records) directly into the .de-zone.
>
> One example: whois -h whois.denic.de dev0.de
>
> (nsentry records instead of the normal nserver records - available to
> everyone who can register domains/change their denic-data)
>
> c'ya
> sven
>
> -- 
>
> The Internet treats censorship as a routing problem, and routes around it.
> (John Gilmore on http://www.cygnus.com/~gnu/)
>
> --- End Message ---