[62441] in North American Network Operators' Group


Sven-Haegar Koch: Re: Root Server Operators (Re: What *are* they smoking?)

daemon@ATHENA.MIT.EDU (Paul Vixie)
Thu Sep 18 10:37:23 2003

From: Paul Vixie <paul@vix.com>
To: nanog@merit.edu
Date: Thu, 18 Sep 2003 14:23:49 +0000
Errors-To: owner-nanog-outgoing@merit.edu



forwarding as requested.



Return-Path: <haegar@sdinet.de>
X-Original-To: paul@vix.com
Delivered-To: vixie@sa.vix.com
Received: from imap.comunit.de (imap.comunit.de [193.103.160.193])
	by sa.vix.com (Postfix) with ESMTP id 365531394B
	for <paul@vix.com>; Thu, 18 Sep 2003 10:06:17 +0000 (GMT)
	(envelope-from haegar@sdinet.de)
Received: by imap.comunit.de (bofa-smtpd, from userid 4712)
	id 58C4A250720; Thu, 18 Sep 2003 12:06:01 +0200 (CEST)
Received: from space.comunit.de (comunit.de [193.103.160.129])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(Client did not present a certificate)
	by imap.comunit.de (bofa-smtpd) with ESMTP id 5002525027D
	for <paul@vix.com>; Thu, 18 Sep 2003 12:06:00 +0200 (CEST)
Date: Thu, 18 Sep 2003 12:05:59 +0200 (CEST)
From: Sven-Haegar Koch <haegar@sdinet.de>
X-X-Sender: haegar@space.comunit.de
To: Paul Vixie <paul@vix.com>
Subject: Re: Root Server Operators (Re: What *are* they smoking?) 
In-Reply-To: <20030918011156.D247613956@sa.vix.com>
Message-ID: <Pine.LNX.4.58.0309181200120.28824@space.comunit.de>
References: <20030918011156.D247613956@sa.vix.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Thu, 18 Sep 2003, Paul Vixie wrote:

*can't post to nanog, feel free to forward it*

> actually, i had it convincingly argued to me today that wildcards in root
> or top level domains were likely to be security problems, and that domains
> like .museum were the exception rather than the rule, and that bind's
> configuration should permit a knob like "don't accept anything but delegations
> unless it's .museum or a non-root non-tld".  i guess the ietf has a lot to
> think about now.

"don't accept anything but delegations unless it's .museum or a non-root
non-tld" - you need to include for example .de in there too.

They don't have wildcard-records, but lots of domains (mostly from the
biggest website-sellers) don't use their own nameservers, but include all
information (mx, a records) directly into the .de-zone.

One example: whois -h whois.denic.de dev0.de

(nsentry records instead of the normal nserver records - available to
everyone who can register domains/change their denic-data)

c'ya
sven

-- 

The Internet treats censorship as a routing problem, and routes around it.
(John Gilmore on http://www.cygnus.com/~gnu/)
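
The filter proposed in the quoted text, together with the .de case raised in the reply, as an added example that is not part of the original thread. The response model, the sample records and the addresses are constructed, and treating a rejected response as "name does not exist" is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Response:
    """Simplified DNS response (constructed model, not a wire-format parser)."""
    zone: str    # zone the answering server is authoritative for, e.g. "de"
    qname: str
    answer: list = field(default_factory=list)     # (owner, rrtype, rdata)
    authority: list = field(default_factory=list)  # (owner, rrtype, rdata)

def norm(name):
    return name.strip(".").lower()

def is_root_or_tld(zone):
    return "." not in norm(zone)    # "" (root) or a single label

def is_delegation(resp):
    """Referral: empty answer section plus NS records for a name below the zone."""
    zone = norm(resp.zone)
    if resp.answer:
        return False
    return any(rrtype == "NS" and norm(owner) != zone
               and (zone == "" or norm(owner).endswith("." + zone))
               for owner, rrtype, _ in resp.authority)

def accept(resp, exceptions):
    """False means the resolver would treat the name as nonexistent (assumption)."""
    if not is_root_or_tld(resp.zone) or norm(resp.zone) in exceptions:
        return True
    return is_delegation(resp)

# Constructed responses; addresses are from the 192.0.2.0/24 documentation range.
SAMPLES = {
    "com wildcard answer": Response("com", "no-such-name.com",
        answer=[("no-such-name.com", "A", "192.0.2.10")]),
    "com referral": Response("com", "www.example.com",
        authority=[("example.com", "NS", "ns1.example.net")]),
    "museum wildcard answer": Response("museum", "no-such-name.museum",
        answer=[("no-such-name.museum", "A", "192.0.2.30")]),
    "dev0.de data held in the .de zone": Response("de", "dev0.de",
        answer=[("dev0.de", "A", "192.0.2.20")]),
    "answer from a non-TLD zone": Response("example.com", "www.example.com",
        answer=[("www.example.com", "A", "192.0.2.40")]),
}

def evaluate(exceptions):
    return {label: accept(r, exceptions) for label, r in SAMPLES.items()}

if __name__ == "__main__":
    for exc in ({"museum"}, {"museum", "de"}):
        print(sorted(exc), evaluate(exc))
```

With only museum excepted, the dev0.de answer is dropped along with the wildcard answer; adding de to the exception set restores it.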

