On 25/10/2013 19:34, [email protected] wrote:
<SNIP>
From: Einar L?nn <[email protected]>
<snip>
what do you think is fragile? the in-baliwick glue? why?
the ip address clumping would worry me if i thought they were not
anycast.
randy
Someone did a comparison between all the ccTLD's a few years back (was it
CENTR? or RIPE? I cant find it...) where they checked stuff like this. I think
I remember 100% in-bailiwick glue was considered best as this gives most
control to the TLD itself and has the least risk of hijacking due to inzone or
out of zone dependancies.
I actually agree with this assessment, at least as long as (in the example above) the
zone "nic.xn--ngb5azd" is *very* well guarded (locked utterly) and preferrably
also never delegated. Which it might actually be, then it's suddenly much riskier as you
must have full control of the delegated zone also (which I kind of consider an inzone
dependancy)...
(Compare: In .SE the zone "NS.SE" that contains all names of all NS-records for
.SE is in-bailiwick and *not* a delegated zone).
BigMac:~ einar.lonn$ dig se ns +short
a.ns.se.
b.ns.se.
c.ns.se.
d.ns.se.
e.ns.se.
f.ns.se.
g.ns.se.
i.ns.se.
j.ns.se.
B
I'm going to point out that .se went down because of a problem right at
this point relativly recently. And .ng .... and I think there were more..
--Calvin
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
