clueing in TLD registries for delegations to non-BIND servers
Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Feb 20 10:52:46 CET 2003
On Tue, Feb 11, 2003 at 05:40:11PM +0100,
 Stefan Paletta <stefanp at cabal1.com> wrote
 a message of 109 lines which said:

> I will never hesitate a second to cheat around useless requirements
> if necessary

IANAL but I believe that the after-the-fact discovery of cheating is a sufficient reason to delete a domain in '.fr'...

> The problem here is just that the definition of 'working' is too
> often less than helpful. As I have already explained briefly -- and I
> think we will see more thoroughly later -- some checks are nonsensical
> in a technical way,

As I said, AFNIC is working on a new version of ZoneCheck, rewritten from scratch, free software and, more important, completely modular: tests can be added easily and a configuration file allows a test to be suppressed without source code modification. Advice on the current set of tests is welcome. Input from the community is also welcome: if you have ideas of nice tests, please write to AFNIC or myself (I'll forward).

> people can screw up in wonderful ways once a zone has been
> delegated anyway.

Right. Unlike the '.de' and '.br' registries, AFNIC does not check once the delegation is made. But it will be done in '.eu' with the ZoneCheck tool.

> registries have a habit of not listening to their customers (esp. not
> those who apparently cannot get their nameserver to work
> 'correctly').

We received two weeks ago a complaint from a potential customer (a big software company, people who should be technically savvy) saying that we had no business testing the connectivity on port 53 with TCP and that we disturbed their firewall. They added that TCP was only for zone transfers. The idiot^H^H^H^H^Hcustomer requested my supervisor's name and address when I told him he knew nothing about DNS :-)

> For example quite a few registries have the requirement for at least
> two independent nameservers and that those have addresses not within
> the same /24.

Funny, you do not mention one of the biggest bugs of the present ZoneCheck: it is still classful and complains if your two nameservers are in the same former class A...

> quirement that, in contrast, is revisable, enforceable and actually
> useful. By all means, if someone wants to hear I will be happy to
> write this up and have it discussed and, for that matter, proven wrong.

Please do because I do not have many good ideas on how to test this. Do you plan to use BGP announcements?
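
The difference between the "not within the same /24" requirement and the classful behaviour described in the message above, as an added example that is not part of the original post and not ZoneCheck's code. The function names, host names and addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def classful_network(addr):
    """Network the address belonged to under the former class A/B/C scheme."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        prefix = 8       # former class A
    elif first_octet < 192:
        prefix = 16      # former class B
    elif first_octet < 224:
        prefix = 24      # former class C
    else:
        raise ValueError(f"{addr} is class D/E, not a unicast host address")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def cidr_network(addr, prefix=24):
    """Classless view: the /24 (by default) that contains the address."""
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def shared_networks(nameservers, net_of):
    """Return (name_a, name_b, network) for each pair of servers that
    net_of() places in the same network."""
    hits = []
    for (n1, a1), (n2, a2) in combinations(sorted(nameservers.items()), 2):
        if net_of(a1) == net_of(a2):
            hits.append((n1, n2, str(net_of(a1))))
    return hits

# Constructed sample: two servers in different /24s of the same former
# class A, plus a third server elsewhere.
SAMPLE = {
    "ns1.example": "10.1.2.53",
    "ns2.example": "10.200.7.53",
    "ns3.example": "192.0.2.53",
}

if __name__ == "__main__":
    # The classful test flags ns1/ns2; the /24 test accepts the same set.
    print("classful:", shared_networks(SAMPLE, classful_network))
    print("/24     :", shared_networks(SAMPLE, cidr_network))
```

Neither variant says anything about routing independence: two servers in different /24s can still sit behind the same upstream.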