Deprecation notice for BIND 9.18: (root-)delegation-only option
Ondřej Surý
ondrej at isc.org
Thu Mar 23 18:11:21 UTC 2023
> On 23. 3. 2023, at 17:57, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
>
> On 22.03.23 17:36, Ondřej Surý wrote:
>> in line with our deprecation policy, I am notifying the mailing list about our intent
>> to deprecated the delegation-only and root-delegation-only options. This is again
>> adept for expedited deprecation - it will be removed in BIND 9.20 and deprecated
>> in BIND 9.18.
>
> what's the reason? Code cleanliness?
> Or is it problematic to maintain?
Those are wrong questions to ask - the right question to ask is whether this bring any
value - and the answer is that it doesn't, then it becomes unmaintained and untested
cruft.
>> The (root-)delegation-options were introduced as a countermeasure for the infamous
>> Site Finder by Verisign[1]. With the controversy around this and introduction of DNSSEC,
>> the likelihood of this happening is infinitesimal.
>>
>> If you don't even know what those options does, the TL;DR is that it disables
>> the non-delegation records for configured domains (TLD), this in turns might
>> break legitimate TLDs like .de, .fr, .museum and others [2][3].
>>
>> If you know a legitimate reason to keep those options, please describe the use case
>> here or in the issue mention below.
>
> well, if "just for sure no other AH tries that again" is not a reason for you...
No, it will not happen again, at least not at the TLD level. The community has learned
and ICANN has learned too.
Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
More information about the bind-users
mailing list