On 2019-07-08 16:38 -0500, John Bambenek <jcb=40bambenekconsulting....@dmarc.ietf.org> wrote:
> In response to ICANN essentially removing most of the fields in WHOIS for domain records, Richard Porter and myself created a draft of an implementation putting these records into DNS TXT records.

Not all registered domains are published (no NS records), so what about those?

Also, your proposal puts the onus of (valid) information publishing on the registrant of each domain, no longer on the registrar or the registry, because _whois.example.com is under the control of example.com and not under the control of the registry under which example.com lives, nor of its registrar, as the DNS provider may not be the registrar.

So what did I not understand about who controls the _whois.example.com RRs and where they exist?

As for:
"This means that if a domain owner were compromised,
   someone else has contact information to get in touch with the true
   owner to organize remediation."
It depends on how you define "domain owner were compromised".
This could as well mean "have access to registrar panel to configure this domain", which in turn means "being able to put whatever nameservers, and hence DNS records, as one wishes". But you may be relying on the TTLs of old records?
(a point not discussed I think; would long TTLs be good for those records?).

Also, a similar idea was floated on the regext mailing list some time ago:
https://www.ietf.org/archive/id/draft-brown-whoami-02.txt
This was using well known URIs to publish whois data and the URI DNS RR.
--
Patrick Mevzek

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop