[63062] in North American Network Operators' Group
Re: Verisign Responds
daemon@ATHENA.MIT.EDU (Dave Crocker)
Thu Sep 25 19:58:49 2003
Date: Thu, 25 Sep 2003 16:58:08 -0700
From: Dave Crocker <dhc2@dcrocker.net>
Reply-To: Dave Crocker <dcrocker@brandenburg.com>
To: nanog@merit.edu
In-Reply-To: <200309231847.h8NIlP609574@karoshi.com>
Errors-To: owner-nanog-outgoing@merit.edu
Folks,
bkc> let's try this again... why should a valid DNS protocol element
bkc> be made illegal in some parts of the tree and not others?
bkc> if it's bad one place, why is it ok other places?
There very much _is_ an operational issue here, but it needs to be
characterized very carefully.
To that end, the IAB note is nicely careful and, I think, exactly right in
classifying a core "coordination" problem that comes with wildcarding.
Standards are, after all, about coordinating details among independent
participants.
The problem with wildcarding a gTLD is not that the construct
should be made illegal but that it requires a degree of coordination that was
not attempted. In this regard, the sponsored TLDs are not a problem
specifically because they are run in a more heterogeneous manner.
The IAB note captures this quite with:
    In particular, we recommend that DNS wildcards should not be used in a
    zone unless the zone operator has a clear understanding of the risks, and
    that they should not be used without the informed consent of those
    entities which have been delegated below the zone.
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>