(also -- bind8 workaround published) Re: delegation-only: Who?
Paul Vixie
vixie at sa.vix.com
Thu Sep 25 03:04:18 UTC 2003
"Jim McAtee" <jmcatee at mediaodyssey.com> writes:
> Over the past several days I've read a lot of conflicting opinions on which
> TLDs could/should/can be safely designated as delegation-only. The list of
> those zones that should not be so designated seems to be constantly shifting.
> I've come to the conclusion that we won't be using the "root-delegation-only"
> option, as I can't make heads nor tails of the statements.
the current list of what's working for us at ISC will be maintained at the
http://www.isc.org/products/BIND/delegation-only.html
page, which by the way has just been updated with a rather ugly workaround
for BIND8 sites.
> So, I'll use delegation-only zones. Obviously "com" and "net" will be
> designated. What others can safely be designated delegation-only?
what do you mean by "safely"? to my mind, .MUSEUM is on the list because
the wildcard was in its original application, which was approved by icann.
.US and .DE are on the list because they put customer data (A and MX) into
the zone itself in order to somehow save the apparent cost of an NS and a
separate nameserver -- and at the moment, neither one has a wildcard.
so far no trouble. if anyone knows of other non-wildcarded tld's who put
customer data into the tld zone itself, or of other wildcarded tld's whose
wildcard was approved by icann at the time of application, please let us know.
tld wildcards serve only the interests of the registry. the registrars,
and the registrants, and the querying public, all pay indirect costs and
only the registry gets any benefit. i have a caretaker role for .TK and
it has a wildcard which i think should not be there but i'm not responsible
for the content or it would be gone by now. therefore my advice is to not
exclude the "TK" zone in your root-delegation-only configuration.
--
Paul Vixie
More information about the bind-users
mailing list