(also -- bind8 workaround published) Re: delegation-only: Who?
Andris Kalnozols
andris at hpl.hp.com
Thu Sep 25 06:25:12 UTC 2003
> "Jim McAtee" <jmcatee at mediaodyssey.com> writes:
>
> > Over the past several days I've read a lot of conflicting opinions on which
> > TLDs could/should/can be safely designated as delegation-only. The list of
> > those zones that should not be so designated seems to be constantly shifting.
> > I've come to the conclusion that we won't be using the "root-delegation-only"
> > option, as I can't make heads nor tails of the statements.
>
> the current list of what's working for us at ISC will be maintained at the
>
> http://www.isc.org/products/BIND/delegation-only.html
>
> page, which by the way has just been updated with a rather ugly workaround
> for BIND8 sites.
>
> > So, I'll use delegation-only zones. Obviously "com" and "net" will be
> > designated. What others can safely be designated delegation-only?
>
> what do you mean by "safely"? to my mind, .MUSEUM is on the list because
> the wildcard was in its original application, which was approved by icann.
> .US and .DE are on the list because they put customer data (A and MX) into
> the zone itself in order to somehow save the apparent cost of an NS and a
> separate nameserver -- and at the moment, neither one has a wildcard.
>
> so far no trouble. if anyone knows of other non-wildcarded tld's who put
> customer data into the tld zone itself, or of other wildcarded tld's whose
> wildcard was approved by icann at the time of application, please let us know.
>
> tld wildcards serve only the interests of the registry. the registrars,
> and the registrants, and the querying public, all pay indirect costs and
> only the registry gets any benefit. i have a caretaker role for .TK and
> it has a wildcard which i think should not be there but i'm not responsible
> for the content or it would be gone by now. therefore my advice is to not
> exclude the "TK" zone in your root-delegation-only configuration.
> --
> Paul Vixie
Just so the list is in one place, here are the TLDs with wildcard RRs.
Besides .MUSEUM, .COM, and .NET, I don't know their status with ICANN.
(the name servers for .HT, .ML, and .TJ are all down/lame at present)
*.BZ. IN A 216.220.34.101
*.CC. IN A 206.253.214.102
*.CC. IN MX 10 snubby.enic.CC.
*.CN. IN A 159.226.7.162
*.COM. IN A 64.94.110.11
*.CX. IN MX 10 mail.nonregistered.nic.CX.
*.CX. IN A 219.88.106.80
*.MUSEUM. IN A 195.7.77.20
*.NET. IN A 64.94.110.11
*.NU. IN A 64.55.105.9
*.NU. IN A 212.181.91.6
*.PH. IN A 203.119.4.6
*.PW. IN CNAME wfb.dnsvr.com.
*.TD. IN CNAME www.nic.TD.
*.TK. IN MX 20 NUKUMATAU.TALOHA.COM.
*.TK. IN A 217.69.159.151
*.TK. IN A 216.38.142.218
*.TK. IN A 217.69.159.150
*.TW. IN A 203.73.24.11
*.VA. IN MX 100 mx.it.net.
*.VA. IN MX 20 john.vatican.VA.
*.VA. IN MX 30 av.vatican.VA.
*.WS. IN A 216.35.187.246
*.WS. IN MX 10 mail.worldsite.WS.
Andris Kalnozols
More information about the bind-users
mailing list