clueing in TLD registries for delegations to non-BIND servers
Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Feb 7 13:29:08 CET 2003
On Thu, Feb 06, 2003 at 06:42:45PM +0100, Stefan Paletta <stefanp at cabal1.com> wrote a message of 25 lines which said: > Some TLD registries, however, make unreasonable demands regarding the > behaviour of servers to which they delegate zones. Most notably the > .fr and .it registries, which apparently demand that servers return a > (non-authoritative!, in the case of .it) referral to the root servers > when they are lame. I am not involved in the daily operations of the '.fr' registry but, AFAIK, the ZoneCheck tool (check it out yourself <URL:http://www.nic.fr/zonecheck/>) requires a referral only if your server claims to be recursive. Therefore, nsd, which is never recursive, or BIND9 with two views (one with recursion for local clients and one without for serving authoritative data to the outside) are OK. BIND8 is more problematic since the recursive flag is apparently global. > I was wondering if RIPE or a group from the RIPE community might > appeal to those registries and try to make them stop acting stupid. A new (completely new: rewritten from scratch) version of ZoneCheck is currently beta. Unlike ZoneCheck 1, the actual tests are configured in a separate configuration file so you can remove some tests without hacking the code. This will make policy adjustements much easier. Input from the community is welcome.
[ dns-wg Archives ]