Re: draft-hollenbeck-grrp-reqs-06 [Was Re: Interim Meeting]

[Patrick <patrick@gandi.net>]

On Mon, Feb 05, 2001 at 01:55:20PM -0500, Brian W. Spolarich took time to write:
> |   [10] All registrars MUST be authorized to register objects in the
> |   registry.  Name server registration MUST be limited to the registrar
> |   of the name server's parent domain.  Unauthorized attempts to register
> |   a name server in a parent domain administered by another registrar
> |   MUST be explicitly rejected.
> |
> | One of the conflicting Reqs which I am sure Scott understand. Conflict
> | Case: Domain D1 with Nameservers NS1, NS2 registered thru Registrar R1
> | and Domain D2 with also Nameservers NS1, NS2 registered thru Registrar
> | R2? And who to say that the ISP must and only must use one registrar to
> | work around this?
> 
>   I guess I'm dense, but I don't understand requirement 3.4[10] or James'
> response.  Can someone provide a concrete example of the problem that this
> requirement is trying to avoid?

Here is my try :
I register domain foobar.com handled by nameserver ns1.foobar.com and
ns2.foobar.com
(note : nameserver in domain name)

If anyone can register ns1.foobar.com & ns2.foobar.com (with IP) then
basically anyone can hijack my domain (pointing www.foobar.com to
whatever IP, etc...)

Thus the nameservers must be only registered by the Registrar who has
registered foobar.com, and the Registrar must ensure that only
someone with authority on foobar.com (contacts) can create
*.foobar.com

There is no conflict possible in that case.
A given nameserver can only be registered once (even if it is used in
many domains) through only a given Registrar.

Patrick.