[AusNOG] auDA Policy Review Panel - Public Forums

Mark Andrews marka at isc.org
Mon Feb 12 17:34:00 EST 2018


> On 12 Feb 2018, at 4:47 pm, Narelle <narellec at gmail.com> wrote:
> 
> 
> Thanks Mark
> 
> Do you really think it practical to impose policy on registrants, ie the
> garden variety name holder, for the running of a DNS fully compliant with the RFCs?

Yes.  ICANN did this with GTLD operators and you now only have a couple
of CCTLDs that have non-complying nameservers.  Many CCTLD operators also
serve GTLDs so all their servers became compliant.

	http://ednscomp.isc.org/compliance/tld-report.html
	http://ednscomp.isc.org/compliance/summary.html

Fully compliant nameservers exist from many vendors.  This is more about
not using out-of-date servers than anything else.  The one exception that
I’m aware of is that Microsoft is yet to produce an RFC-compliant EDNS server.
The latest version incorrectly echoes back EDNS options, though this is an
improvement over their earlier versions.

> If they don't come that way out of the box (and it's been a while since
> I had a close look at how bind unpacks itself, not to mention the other
> commercial variants) - most will find it extremely challenging.

BIND is fully compliant out of the box and has been for over two decades.

> That said - many hosting companies do it for their customers, what does
> the list think about Mark's suggestion of being required to be compliant
> with the RFCs to register a domain name?

I would do it as after the fact.  New servers would be tested within a
week and if the server is found to be non-compliant, they would have
X weeks (X ~12) to bring it into compliance or the delegation would
stop being published.

Grandfather in existing servers with 1 year to bring themselves into
compliance.

All servers would be retested periodically (~6 months) with the same X
weeks to bring themselves into compliance.

At this stage I’m talking about how the servers respond to different types
of queries.  I’m not talking about ensuring the data served is correct
though it would be useful if that was also correct.

> I suspect if that were the case people would head off to *.whatever under
> the new gTLDs or come up with even stupider *.com names just to avoid
> compliance with .au rules. And it would increase the price paid for .au.
> I'd prefer to see a stronger role from auDA, ausnog, Comms Alliance,
> IIA in education and best practice encouragement.
> 
> 
> Cheers
> 
> 
> Narelle
> 
> On Mon, Feb 12, 2018 at 3:57 PM, Mark Andrews <marka at isc.org> wrote:
> auDA are missing a fundamental policy.
> 
> “Registrants must use RFC Compliant nameservers” should have been the
> 1st policy.
> 
> At the moment over half the servers listed for .au domains do not comply
> with the DNS RFCs, leading in some cases to interoperability issues with
> recursive servers. There is no penalty for deploying broken nameservers.
> 
> Every time resolvers try to do something “new” you hit broken servers that
> fail to handle that “new” thing despite the RFCs having well defined
> behaviours specified.
> 
> Where “new” can be as little as sending a query type that isn’t an A
> record query. Yes, STD 13 said what to do.  The RFCs that make up STD 13
> were published in 1987.
> 
> Fix the basics before worrying about opening up the namespace.
> 
> Mark
> 
> 
> 
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
> 
> 
> 
> 
> -- 
> 
> 
> Narelle
> narellec at gmail.com

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
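
The kind of response check discussed in the message above, as an added example that is not part of the original message and is not ISC's test code: it parses a DNS response and flags an unrecognised EDNS option that comes back in the OPT record. The probe option code 100, the name example.au and the sample messages are assumptions constructed for the illustration.

```python
import struct

PROBE = 100  # assumption: an EDNS option code the server under test does not implement

def build_msg(name, flags, options):
    """DNS message with one question (type A) and an OPT record carrying options."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(rdata)) + rdata
    return (struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 1)
            + qname + struct.pack("!HH", 1, 1) + opt)

def skip_name(msg, off):
    """Advance past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        if n == 0:                # root label ends the name
            return off + 1
        off += 1 + n

def edns_options(msg):
    """Return [(code, data), ...] from the OPT record, or None if there is none."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 41:                        # OPT pseudo-record
            opts, end = [], off + rdlen
            while off + 4 <= end:
                code, ln = struct.unpack("!HH", msg[off:off + 4])
                opts.append((code, msg[off + 4:off + 4 + ln]))
                off += 4 + ln
            return opts
        off += rdlen
    return None

def classify(response, probe=PROBE):
    """'echoed-option' if the probe option code is present in the response."""
    opts = edns_options(response)
    if opts is None:
        return "no-opt"
    return "echoed-option" if any(c == probe for c, _ in opts) else "ok"

# Constructed sample messages (not captured traffic); 0x8000 sets the QR bit.
QUERY = build_msg("example.au", 0x0000, [(PROBE, b"")])
ECHOING = build_msg("example.au", 0x8000, [(PROBE, b"")])
CLEAN = build_msg("example.au", 0x8000, [])
```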


