To:
"Hollenbeck, Scott" <shollenbeck@verisign.com>
CC:
"'Sheer El-Showk'" <sheer@saraf.com>, "'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>
From:
Klaus Malorny <Klaus.Malorny@knipp.de>
Date:
Wed, 08 Aug 2001 15:17:20 +0200
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: host transfers
"Hollenbeck, Scott" wrote: > I still think it a VERY bad idea to allow transfer of a host like > ns1.example.com separate from a transfer of example.com, but there may be > some merit to allowing transfer of ns1.example.foo within a registry not > authoritative for .foo. > > Anyone else? It's been a while since this topic was originally discussed on > the list, so maybe people have had time to think about things for a while. > > <Scott/> As you asked, Scott ;-) You know, I have a somewhat diametric opinion to that. Tieing name servers to domains may be not too difficult for the registry itself, but it generates a lot of problems at the registrar level and beneath, esp. if a registrant registers his domains with multiple registrars/resellers and starts moving them around. As someone who develops software in this context the whole thing of linking name servers to domains, additionally depending on the name servers' TLDs, is an artificial obstacle, good for nothing, a graveyard for LOCs ;-) and is repeatedly a cause to reject registrations/changes. Therefore I prefer a system without this tieing. In an earlier discussion, you mentioned a way to get faked IP addresses for e.g. www.microsoft.com into the system. But this was caused by the fact that your current model always generates glue records for a name server that is contained in the registry's TLD(s). If the glue record generation is more stringent, this problem can be avoided. The model I have in mind is the following: - anyone can register any name server, and multiple name server objects may exist for a single "real" name server (similar to a person who can have multiple contacts with exactly the same data). - IP addresses can be attached to any name server, but there is no guarantee that these are used (see below) - especially, there is no difference between name servers that belong to the registry's TLD(s) or not. 
- in the zone file, a glue record (A/AAAA/A6 record) is generated iff the name server lies in a domain which references this name server (i.e. the domain specifies it in its NS record). It is simple and works*. In fact, this model treats nearly all name servers as the current model handles "foreign" name servers (those that don't belong to the registry's TLDs). Transfers of name servers are possible, but it is technically not required, as the other one just can create a new object. Quite easy for anyone - registries, registrars, resellers, registrants. Well, someone may argue that the integrity is not as strong as in the current model. Independently whether this true or not, I honestly think that the part the registry contributes to the integrity of a domain is quite marginal (as long as the registry does not permanently probe the associated name servers for correct configuration) so that doesn't matter. Klaus Malorny * the registry for .de works this way, except that there are no independent name server objects (the name server data is just a part of the domain data). ___________________________________________________________________________ | | | knipp | Knipp Medien und Kommunikation GmbH ------- Technologiepark Martin-Schmeisser-Weg 9 Dipl. Inf. Klaus Malorny 44227 Dortmund Klaus.Malorny@knipp.de Tel. +49 231 9703 0
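
The glue rule from the last list item of the message, as an added example that is not part of the original post or of any registry's code: a zone generator that emits A/AAAA glue only when the name server lies in a domain that lists it as NS. The object model (handles, the `Host` and `Domain` classes, a domain referencing one specific host object) and all sample names and addresses are assumptions constructed for illustration.

```python
# Added illustration: the data model, handles and sample values are constructed.
from dataclasses import dataclass, field

@dataclass
class Host:
    handle: str                 # registry object id; several objects may share one name
    name: str                   # FQDN of the name server
    addrs: list = field(default_factory=list)

@dataclass
class Domain:
    name: str
    ns_handles: list            # handles of the host objects this domain lists as NS

def in_domain(host_name, domain_name):
    """True if host_name is the domain itself or lies below it (label-aligned)."""
    h = host_name.lower().rstrip(".")
    d = domain_name.lower().rstrip(".")
    return h == d or h.endswith("." + d)

def zone_records(domains, hosts):
    """Emit NS records for every delegation, glue only where the rule allows it."""
    by_handle = {h.handle: h for h in hosts}
    records = []
    for dom in domains:
        for handle in dom.ns_handles:
            host = by_handle[handle]
            records.append((dom.name, "NS", host.name))
            # Glue iff the name server lies in the domain that references it.
            if in_domain(host.name, dom.name):
                for addr in host.addrs:
                    rec = (host.name, "AAAA" if ":" in addr else "A", addr)
                    if rec not in records:
                        records.append(rec)
    return records

HOSTS = [
    Host("H1", "ns1.alpha.example", ["192.0.2.1", "2001:db8::1"]),
    Host("H2", "ns1.alpha.example", ["198.51.100.9"]),   # second object, same name
    Host("H3", "www.beta.example", ["203.0.113.66"]),    # address beta.example never chose
]
DOMAINS = [
    Domain("alpha.example", ["H1", "H3"]),
    Domain("beta.example", ["H1"]),
]

if __name__ == "__main__":
    for owner, rtype, value in zone_records(DOMAINS, HOSTS):
        target = value + "." if rtype == "NS" else value
        print(f"{owner}.\tIN\t{rtype}\t{target}")
```

In the sample data the address attached to `www.beta.example` never reaches the zone, because `beta.example` does not delegate to that host, and the second `ns1.alpha.example` object contributes nothing because no domain references it.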