To: "Hollenbeck, Scott" <shollenbeck@verisign.com>
CC: "'Sheer El-Showk'" <sheer@saraf.com>, "'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>
From: Klaus Malorny <Klaus.Malorny@knipp.de>
Date: Wed, 08 Aug 2001 15:17:20 +0200
Sender: owner-ietf-provreg@cafax.se
Subject: Re: host transfers

"Hollenbeck, Scott" wrote:

> I still think it a VERY bad idea to allow transfer of a host like
> ns1.example.com separate from a transfer of example.com, but there may be
> some merit to allowing transfer of ns1.example.foo within a registry not
> authoritative for .foo.
> 
> Anyone else?  It's been a while since this topic was originally discussed on
> the list, so maybe people have had time to think about things for a while.
> 
> <Scott/>

As you asked, Scott ;-)

You know, I have a somewhat diametric opinion to that. Tying name servers to
domains may be not too difficult for the registry itself, but it generates a
lot of problems at the registrar level and beneath, esp. if a registrant
registers his domains with multiple registrars/resellers and starts moving
them around. As someone who develops software in this context the whole thing
of linking name servers to domains, additionally depending on the name
servers' TLDs, is an artificial obstacle, good for nothing, a graveyard for
LOCs ;-) and is repeatedly a cause to reject registrations/changes. Therefore
I prefer a system without this tying.

In an earlier discussion, you mentioned a way to get faked IP addresses for
e.g. www.microsoft.com into the system. But this was caused by the fact that
your current model always generates glue records for a name server that is
contained in the registry's TLD(s). If the glue record generation is more
stringent, this problem can be avoided.

The model I have in mind is the following:

 - anyone can register any name server, and multiple name server objects
   may exist for a single "real" name server (similar to a person who
   can have multiple contacts with exactly the same data).

 - IP addresses can be attached to any name server, but there is no
   guarantee that these are used (see below)

 - especially, there is no difference between name servers that belong
   to the registry's TLD(s) or not.

 - in the zone file, a glue record (A/AAAA/A6 record) is generated 
   iff the name server lies in a domain which references this name server
   (i.e. the domain specifies it in its NS record).

It is simple and works*. In fact, this model treats nearly all name servers as
the current model handles "foreign" name servers (those that don't belong to
the registry's TLDs). Transfers of name servers are possible, but it is
technically not required, as the other one just can create a new object. Quite
easy for anyone - registries, registrars, resellers, registrants.

Well, someone may argue that the integrity is not as strong as in the current
model. Independently of whether this is true or not, I honestly think that the part
the registry contributes to the integrity of a domain is quite marginal (as
long as the registry does not permanently probe the associated name servers
for correct configuration) so that doesn't matter.


Klaus Malorny



* the registry for .de works this way, except that there are no independent
name server objects (the name server data is just a part of the domain data).

___________________________________________________________________________
     |       |
     | knipp |                   Knipp  Medien und Kommunikation GmbH
      -------                           Technologiepark
                                        Martin-Schmeisser-Weg 9
     Dipl. Inf. Klaus Malorny           44227 Dortmund
     Klaus.Malorny@knipp.de             Tel. +49 231 9703 0