Dan Hollis wrote:
On Tue, 23 Sep 2003 bmanning@karoshi.com wrote:
On Mon, 22 Sep 2003, Dave Stewart wrote:
Courts are likely to support the position that Verisign has control of .net and .com and can do pretty much anything they want with it.
ISC has made root-delegation-only the default behaviour in the new bind, how about drafting up an RFC making it an absolute default requirement for all DNS?
That would be making a fundamental change to the DNS to make wildcards illegal anywhere. Is that what you want?
no it wouldnt. it would ust make wildcards illegal in top level domains, not subdomains.
Actually, it's worst than that. root-delegation-only does not just change the wildcard behavior. RRs which are in the tld itself instead of being delegated (like some of the ccTLDs) break if forced into root-delegation-only. This is one of the points in the IAB opinion concerning remedies causing other problems. The issue itself is political, but it does have technical ramifications. It's still to be seen if ISC's cure is worse than the disease; as instead of detecting and stoping wildcard sets, it looks for delegation. It is also configurable to a degree that inexperienced operators will break their DNS implementations out of ignorance (like ignoring the ISC recomendation and root-delegating .de). One should consider sponsored TLDs like .museum the exception. If you have filtering rules (like smtp) that are bypassed as a result of the wildcard, then those rules themselves should be changed. The sponsored TLDs and even a lot of the ccTLDs have a rather small subdomain base, allowing for unified agreement on changes made to the zone. The legacy TLD's should be rather static to ensure stability in DNS architecture overall. The subdomain base is massive, making communication and agreement on changes difficult. If I'm not mistaken, this is one of the duties of ICANN. -Jack