From baya.sylvain at cmnog.cm Mon Mar 23 06:07:13 2026 From: baya.sylvain at cmnog.cm (Sylvain BAYA) Date: Mon, 23 Mar 2026 07:07:13 +0100 Subject: [DBWG] in domain obj, identical nserver: attributes In-Reply-To: References: <0755695f-3962-400e-b098-5edc981e60b2@cmnog.cm> <02790fd6-7df3-4244-bf47-6099399583f8@cmnog.cm> Message-ID: Le 20/02/2026 ? 13:38, Frank Habicht a ?crit?: > > > On 2/20/2026 1:48 PM, Sylvain BAYA wrote: >> Le 20/02/2026 ? 07:34, Frank Habicht a ?crit?: >>> Hi, >>> >>> On 2/20/2026 3:16 AM, Sylvain BAYA wrote: >>>> Le 19/02/2026 ? 14:41, Frank Habicht a ?crit?: >>>>> should there also be a check that for any new domain object there >>>>> are not two nserver: attributes pointing to the exact same server >>>>> name? >>>>> >>>> >>>> No! imho, i see less interest and not existing >>>> documentation to support such a process. >>>> >>>> Maybe you have more context to share, then i >>>> need to figure it out. Do kindly provide more >>>> element, for me to eventually reconsider my >>>> actual PoV (Point of View). >>>> >>> >>> I admit and agree that the current letter-of-the-law does allow >>> >> nserver:??????? ns1.ibits.xyz >>> >> nserver:??????? ns1.ibits.xyz >>> >>> but is this really possibly the intend of the originator of this data? >>> >> >> Hi Frank, >> >> Good question and my answer is: yes! >> >> Possible scenario: >> >> --if the implementation of that class attribute >> is of the kind: >> --multiple means two or more; > > https://afrinic.net/support/whois/getting-started > 'An attribute that is "multiple" can be used more than once in an > object.' > So it's _once_ or more. > Hi Frank, ...i went to your email again and it's clearer to me now: the key word is "*can*". The manual is saying what you said...i misunderstood it on the first read :'-( again: my english! i apologize! ...then, if it's allowed to insert/create only *one* 'nserver:' attribute to a domain object; therefore it become more difficult to fix the problems [1,2,3] you are pointing us to. __ [1]: Having only one 'nserver:' attribute is still allowed! [2]: Allowing two same 'nserver:' attributes is not good, while considering the BCOP which recommends to have two DNS authoritative nameservers within two separate ASs ;-). [3]: It's worse if the two 'nserver:' attributes whith the same content is a lame delegation. _Questions_: What's the actual intent of the rule? What should be now the intent of the rule? > > I found for instance 198.29.196.in-addr.arpa and its neighbors to have > only one. (Due to deletion due to lameness) > >> --then a user with only one DNS authoritative >> server, at the moment, >> --would be tempted to fill the same data to a >> --secondary *mandatory* attribute. >> --. > > I think the reason doesn't apply.... > Brother, if you are right; then i think the context is worse imho :'-( you have two attributes in one and your DNS authoritative server is lame... ...what's different if you had only one attribute? :-/ ...i imagine that: ? i1. a Whois domain object with a single 'nserver' attribute is more inclined to lameness; than with two of such attributes. ? i2. a good fix should consider to first start by disallowing single 'nserver' attribute ? i3. a next step could be to implement a diff of two 'nserver' attributes when a domain object is created. ? i4. after that, it could be useful to make sure that fixing lameness is at the core of any of the recommended changes ? i5. prior to all these changes, i think we need a BCOP document on "/*DNS Auth Nameserver Requirements for 'nserver:' attributes*/". ? i6. then a tool like container image to deploy such Auth nameservers (at least 2 in different locations). Shalom, --sb. > > Frank > -- Best Regards ! baya.sylvain [AT cmNOG DOT cm] | cmNOG's Structure | CAMIX's Website | Douala-IX's Looking Glass | cmNOG's Surveys | Subscribe to cmNOG's Mailing List | __ #LASAINTEBIBLE|#Eph?siens5:18,15-21?[...] 18 Et *_ne vous enivrez_* pas *_de vin_*, en quoi *_il y a de la dissolution_*; mais *_soyez remplis de l'Esprit_*, [...]? ?#LASAINTEBIBLE|#H?breux13:9,5-15?[...] 9 _*Ne soyez pas seduits par*_ des _*doctrines diverses*_ et _*etrangeres*_, car il est bon _*que le coeur soit affermi par la grace*_, non par les viandes, lesquels n'ont pas profite ? ceux qui y ont marche. [...]? #AMEN,#Maranatha,#MerciJ?SUS! #?MaPri?re? est que tu naisses de nouveau.#Chr?tiennement -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0x0387408365AC8594.asc Type: application/pgp-keys Size: 19437 bytes Desc: OpenPGP public key URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: