Phillip Vandry <vandry@Mlink.NET> writes:
How do you find them all? You could check your DNS logs for lame delegations and collect a list, but that's not all that great.
NSI used to make the root zone files freely available via FTP; they are still up for FTP, but not without restriction. You can apply to NSI to get a login and password to FTP into the restricted zone host; if you have a decent justification for why you need the data, you can obtain one without much trouble. Once you have the root zone files, you can list all of the domains registered on your nameservers; I have a small set of perl scripts that massage the data into a more usable format. I've been meaning to tar them up and make them available for a while now. Or roll your own, it's not particularly difficult. [ ... ]
While they're at it, I should be able to NAK a registration or domain modification so that it is cancelled if I don't want it on my nameservers.
According to the original Guardian paper, setting the BEFORE-USE attribute on a host record would require the nameserver admin to ACK every domain registration before their nameserver could be listed for that domain. However, the BEFORE-USE attribute has never been implemented for contacts or host records. When the issue was raised on guard-talk@internic long long ago, an NSI rep explained that BEFORE-USE was never implemented because ``there was no consensus from the community that we should implement BEFORE-USE'', and because they were ``afraid that people would erroneously set BEFORE-USE on their nameservers or contacts and be deluged with mail requesting ACKs on new domain registrations, and new domain registrations would get slowed down, and the queues would back up forever'' (paraphrased). I may actually still have that thread in an old guard-talk mailbox, I should dig it up. -- Michael Handler <handler@sub-rosa.com> you might surprise yourself