[rpd] Lame delegation in AFRINIC WHOIS database
Amreesh Phokeer
amreesh at afrinic.net
Thu Oct 27 08:35:47 UTC 2016
hi nishal,
> On Oct 26, 2016, at 10:10 AM, Nishal Goburdhan <nishal at controlfreak.co.za> wrote:
>
> On 26 Oct 2016, at 9:24, Amreesh Phokeer wrote:
>
>> Dear Community,
>
> hi amreesh,
>
>> Questions to the community:
>> 1. Should AFRINIC implement operational checks that are run periodically and members are informed about the status of their domain objects.
>
> yes. you don’t need policy to do this.
would also agree, those can be implemented upfront.
>
>
>> After X reminders, if domain objects still contain lame NS records, the domain objects are removed.
>
> this bit is trickier :-)
>
> i have some questions: do you have data on what percentage of domain objects are entered by users, vs. hostmasters, or, are enforced through a registration system (i confess i haven’t done this in a while!)
no, we don’t collect data on how domain objects are created. There are two ways to do this: either via WHOIS directly (auto-dbm, WHOIS web interface) or via MyAFRINIC.
> it’s rational to expect that not everyone has the same degree of concern over working rdns (reverse dns). those that don’t want it, can simply not register any domain objects (at their own risk), and, life goes on…
> so, my question above, is really asking if you have a(ny) registration system that’s enforcing domain object creation; which subsequently just simply doesn’t get actioned by the end user?
>
> additionally, it wasn’t clear to me, from a quick read of the article:
> * did you test v4 and v6 (transport, not zone type) separately
no, we did not test the transport mechanism; that was outside of the scope, we were just checking the content of the zones.
> * did you test tcp and udp separately
we simply used dig (default udp) as we were not trying to do any zone transfer or DNSSEC queries.
normally all NS should respond on UDP. I wonder whether dig would do a fallback on TCP if the response exceeds 512 bytes.
Anyway, I think checking which ports are open on the NS could be an exercise in itself; this will give us some insight on their readiness to, e.g., handle AAAA records (with CNAME, glue etc.) and answer DNSSEC queries.
> * did you test (at least your failure set) from at least one other different location
We run the test from Mauritius and Johannesburg; a failure is when both sites give a negative response.
>
>
>> 2. Should the AFRINIC community enforce lame delegation removal through a policy.
>
> i’d support this, and i’d be willing to help write text, and test criteria, if needed.
cool, who is up for that?
>
> —n.
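
Added example, not part of the original message or AFRINIC's tooling: a sketch of the check discussed in this thread, classifying each name server's UDP reply to an SOA query and reporting a server as lame only when both vantage points (labelled MU and JNB here) get a negative result. It assumes the lameness criterion is "no authoritative (AA) SOA answer", which the thread does not specify; the zone, NS names and replies are constructed, and a truncated (TC) reply is treated as "retry over TCP" rather than as a failure.

```python
import struct

QR, AA, TC = 0x8000, 0x0400, 0x0200  # DNS header flag bits (RFC 1035)

def build_soa_query(zone, qid=0x1234):
    """Wire-format SOA query for the zone apex, RD clear (non-recursive)."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 6, 1)

def classify_reply(reply, qid=0x1234):
    """Classify one UDP reply from one site: 'ok', 'negative' or 'retry-tcp'."""
    if reply is None or len(reply) < 12:
        return "negative"                      # timeout or short packet
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & QR:
        return "negative"                      # not an answer to our query
    if flags & TC:
        return "retry-tcp"                     # truncated: re-ask over TCP
    rcode = flags & 0x000F
    if rcode == 0 and flags & AA and ancount > 0:
        return "ok"                            # authoritative SOA answer
    return "negative"                          # SERVFAIL, REFUSED, no AA, ...

def lame_servers(replies_by_ns):
    """An NS is lame only when every vantage point got a negative result."""
    lame = []
    for ns, by_site in replies_by_ns.items():
        verdicts = [classify_reply(r) for r in by_site.values()]
        if all(v == "negative" for v in verdicts):
            lame.append(ns)
    return lame

def fake_reply(flags, ancount, qid=0x1234):
    """Constructed test data: a bare 12-byte DNS header."""
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0)

# Constructed sample: zone, NS names and replies are made up for illustration.
ZONE = "2.0.192.in-addr.arpa"
SAMPLE = {
    "ns1.example.net": {"MU": fake_reply(QR | AA, 1), "JNB": fake_reply(QR | AA, 1)},
    "ns2.example.net": {"MU": None, "JNB": fake_reply(QR | AA, 1)},   # one site timed out
    "ns3.example.net": {"MU": fake_reply(QR | 5, 0), "JNB": fake_reply(QR | 0x0080, 1)},
    "ns4.example.net": {"MU": fake_reply(QR | TC, 0), "JNB": None},   # needs TCP retry
}

if __name__ == "__main__":
    print(len(build_soa_query(ZONE)), "byte query;", "lame:", lame_servers(SAMPLE))
```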