Wildcards: ICANN and IAB posted their commentaries

You can find them here:

http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html
http://www.icann.org/announcements/advisory-19sep03.htm

I've just checked that VeriSign has not voluntarily suspended the service.

Best,
Roque

Ing. Roque Gagliano
rgaglian@adinet.com.uy

On Fri, 19 Sep 2003 rgaglian@adinet.com.uy wrote:

Folks,

In regards to the statement above, the Security and Stability Advisory Committee is sincerely interested in your feedback regarding this issue. We are currently working on a report that details the impacts of wildcards at the TLD level, and elsewhere as appropriate.

I would like to request that you restrict your comments to actual operational issues. That will help ensure that they get due consideration. We're most interested in issues related to things that worked before, but don't now; and particularly interested in non-obvious cases. Of course, if you have other points of interest on this topic, we're all ears.

The e-mail address for your feedback is secsac-comment@icann.org.

Doug

if you installed the first isc wildcard patch you probably want the second. see www.isc.org/products/BIND/delegation-only.html for details. the first patch didn't handle NS lookups (which don't occur in nature but it's sort of unnerving when they don't work in "dig").

in addition to the "type delegation-only" zones, the latest release candidate has an additional "root-delegation-only" option. this looks like:

    options {
        root-delegation-only exclude { "de"; "museum"; };
    };

thus the delegation-only behaviour becomes the default for the root domain, and all tld's except those listed. DE has no wildcards but they do put customer A RRs into the DE zone itself. MUSEUM has a wildcard but this was part of their application and it was approved and has not been a problem.

f.6to4-servers.net is now running this if you want to try before you, um, buy.

thanks very much to the membership of the bind forum who make this possible.

--
Paul Vixie
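A simplified model of the filtering that the root-delegation-only option in the message above asks a resolver to apply, as an added example that is not part of the thread and not ISC's code. The (owner, type) record tuples, the function names and the sample names are assumptions; treating a non-delegation answer as NXDOMAIN follows BIND's documented delegation-only behaviour.

```python
# Simplified model of a resolver-side delegation-only filter (added example,
# not BIND's code). Records are (owner, rrtype) tuples; all data is constructed.

EXCLUDE = {"de", "museum"}   # exclude list from the options block quoted above

def norm(name):
    """Lower-case a domain name and drop the trailing dot ('' is the root)."""
    return name.rstrip(".").lower()

def is_below(name, zone):
    """True if name is a proper subdomain of zone."""
    name, zone = norm(name), norm(zone)
    if name == zone:
        return False
    return zone == "" or name.endswith("." + zone)

def enforced(zone, exclude=EXCLUDE):
    """root-delegation-only covers the root and every TLD not excluded."""
    zone = norm(zone)
    return "." not in zone and zone not in exclude

def filter_response(zone, rcode, answer, authority, exclude=EXCLUDE):
    """Return the rcode the resolver should act on for a response from zone."""
    if rcode != "NOERROR" or not enforced(zone, exclude):
        return rcode
    # A referral: NS records in the authority section owned by a child name.
    if any(t == "NS" and is_below(o, zone) for o, t in authority):
        return "NOERROR"
    # NS lookups answered directly; assumed here to be the case the post says
    # the first patch did not handle.
    if any(t == "NS" for _, t in answer):
        return "NOERROR"
    # Anything else from a delegation-only zone (for example a wildcard A
    # record) is treated as a nonexistent name.
    return "NXDOMAIN"
```

An authoritative answer that carries the zone's own apex NS set in the authority section is not a referral, so a wildcard A record accompanied by `("com", "NS")` is still rewritten to NXDOMAIN.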

Hello Paul,

Am I correct in the understanding that the below tells me that 9.2.2p2 does NOT contain the ability to do root-delegation-only?

Tia, JimL

On Sat, 20 Sep 2003, Paul Vixie wrote:

> if you installed the first isc wildcard patch you probably want the second. see www.isc.org/products/BIND/delegation-only.html for details. the first patch didn't handle NS lookups (which don't occur in nature but it's sort of unnerving when they don't work in "dig").
>
> in addition to the "type delegation-only" zones, the latest release candidate has an additional "root-delegation-only" option. this looks like:
>
>     options {
>         root-delegation-only exclude { "de"; "museum"; };
>     };
>
> thus the delegation-only behaviour becomes the default for the root domain, and all tld's except those listed. DE has no wildcards but they do put customer A RRs into the DE zone itself. MUSEUM has a wildcard but this was part of their application and it was approved and has not been a problem.
>
> f.6to4-servers.net is now running this if you want to try before you, um, buy.
>
> thanks very much to the membership of the bind forum who make this possible.

--
+------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network Engineer | P.O. Box 854 | Give me Linux |
| babydr@baby-dragons.com | Coudersport PA 16915 | only on AXP |
+------------------------------------------------------------------+

participants (4)
- Doug Barton
- Mr. James W. Laferriere
- Paul Vixie
- rgaglian@adinet.com.uy