On Tue, Apr 28, 2020 at 06:26:54PM -0400, John Levine wrote:

> I think we will find that the assumption that TLD zone files are
> delegation-only does not hold up very well in practice, so I am
> wondering how useful a hack to technically enforce it would really be.

There are indeed some TLDs which are not delegation-only.  For example,
DeNIC is known for directly serving some small (IIRC ~5 RRsets) child
domains directly out of the .DE parent zone with no zone cut.  But that's
just an implementation detail, and could change in the future, if there
was good reason to care.

But there are also some large TLDs that are delegation-only, and could
be a good place to get started.  I don't see ".com" or ".net" on your
list, most of those are brand domains without open registration, and
they are legitimately free to delegate or not delegate whatever they
want.

>   54952 info
>   28012 org
>    6610 pro

Pretty much the only two or three with non-trivial numbers that matter
on the list.

> Some mystery names:

These two patterns have been around for ages, used for some sort of
automated monitoring, and don't matter.

> monitor-nominet.abogado has address 127.0.0.1
> emt-ns1.emt-t-1070866640-1587743943997-2-ag.aarp has address 198.41.1.167

My .com zone processing code has for many years now been moving right
past these:

    next if (m{^(emt-)?t-[^.]+-[^.]+-[^.]+-}io);

I am sure ways can be found to handle these sentinels (not real
child-domain delegations).  For example, the spec could exclude domain
names that start with "_" or "_sentinel".  And the sentinel names could
then all live there.

-- 
    Viktor.
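
An added example, not part of the message above and not Viktor's zone-processing code: a small audit that lists child names a TLD serves from the parent zone with no zone cut, skipping sentinel names via the message's regex and the proposed "_" prefix. The function name, the "example" TLD, the sample records and the one-record-per-line "owner TTL class type rdata" layout are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sentinel pattern from the message (Perl m{...}io), matched here against
# the label directly under the TLD.
SENTINEL = re.compile(r"^(emt-)?t-[^.]+-[^.]+-[^.]+-", re.I)
SKIP_TYPES = {"RRSIG", "NSEC", "NSEC3"}   # DNSSEC signing data, ignored here

# Constructed sample zone (hypothetical TLD "example", documentation addresses).
SAMPLE_ZONE = """\
example.            3600 IN SOA ns.example. host.example. 1 7200 900 1209600 3600
example.            3600 IN NS  ns.nic.example.
alpha.example.      3600 IN NS  ns1.alpha.example.
alpha.example.      3600 IN DS  12345 13 2 ABCD
ns1.alpha.example.  3600 IN A   192.0.2.1
small.example.      3600 IN A   192.0.2.80
small.example.      3600 IN MX  10 mail.small.example.
mail.small.example. 3600 IN A   192.0.2.25
emt-ns1.emt-t-1070866640-1587743943997-2-ag.example. 3600 IN A 192.0.2.53
_sentinel.example.  3600 IN A   127.0.0.1
"""

def in_zone_children(zone_text, origin):
    """Return {child: sorted rrtypes} for names served from the parent zone
    with no zone cut, skipping sentinel names."""
    origin = origin.lower().rstrip(".")
    cuts, data = set(), defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()        # drop comments
        if len(fields) < 5:
            continue
        owner, rrtype = fields[0].lower().rstrip("."), fields[3].upper()
        if owner == origin or not owner.endswith("." + origin):
            continue                               # apex or out-of-zone name
        child = owner[: -len(origin) - 1].split(".")[-1]
        if SENTINEL.match(child) or child.startswith("_"):
            continue                               # monitoring sentinel
        if rrtype in SKIP_TYPES:
            continue
        if rrtype == "NS" and owner == child + "." + origin:
            cuts.add(child)                        # a real delegation
        elif rrtype != "DS":
            data[child].add(rrtype)                # glue or in-zone data
    # Data under a delegated child is glue; only cut-less children remain.
    return {c: sorted(t) for c, t in data.items() if c not in cuts}

if __name__ == "__main__":
    print(in_zone_children(SAMPLE_ZONE, "example."))
```
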