To:
"Brian W. Spolarich" <briansp@walid.com>
Cc:
J?rg Bauer/Denic <bauer@denic.de>, ietf-provreg@cafax.se, James@Seng.cc, kent@songbird.com
From:
Patrick <patrick@gandi.net>
Date:
Tue, 6 Feb 2001 15:18:06 +0100
Content-Disposition:
inline
In-Reply-To:
<IPEMICCPDPPICMIONJIOKEPOCBAA.briansp@walid.com>; from briansp@walid.com on Tue, Feb 06, 2001 at 08:58:03AM -0500
Sender:
owner-ietf-provreg@cafax.se
User-Agent:
Mutt/1.2.5i
Subject:
Nameserver as object/entity or not ?
On Tue, Feb 06, 2001 at 08:58:03AM -0500, Brian W. Spolarich took time to write: > > | That´s exact the way we do it here in Germany. > | We dont´t know anything about Nameserver Objects and i still can´t see it > | as a requirement. > > As Patrick pointed out, one advantage to keeping separate NS objects is that > if one needs to change the address of a given server, only one record needs to be > updated (i.e. normalization). It would be interesting to know how often this is > used. >From experience, I can tell you that it is used. I was working before in an ISP. One day we had to change our Internet connexion, which changed the IP of our nameservers, thus the need to change the properties of all domains using these nameservers. I'm working in a Registrar now, and it happens that customer ask us to change 50 or 100 domains at the same time because they change nameservers or they change IP of one nameserver. Let me give also another attribute that we can have for a nameserver : the property, ie who owns it. It happens that sometimes people are using nameservers for a domain by mistake (ie not the correct nameserver). Then the given nameserver, not configured for the domain, is still asked for information by other nameservers around the world. That is lame delegation, ok, no big deal. But like one of our customer asked some times ago, there can be a lot of things like that, putting charge on the nameserver. The customer wanted to know if we (the Registrar) could remove the given nameserver from the list of nameserver used by domains they do not handle. Problem : how do we authentify a request like that ? The customer in question wanted just to give us a fax on company letterhead stating : such and such nameserver are ours, please be sure they are only used for domains such and such. However we have no (easy/automated/foolproof) way of verifying that was is written on the document is true. I do not know if it is useful, but having an attribute 'owned by' might be of interest. It strikes me that there is also the whole thing with DNSSEC. AFAIK (which is little) about that, nameserver have keys, and other must know them. How do you distribute keys ? If the nameserver is in object in the Registry database, you can associate with it its key to be used by whoever needs them. Just an idea. -- Patrick.