> Having experience as the co-chair of PROVREG WG, I'd like to make a
> case that the DNS isn't the best means to determine if an object
> (even if it is a domain name) is registered - it's a first order
> guess but not the last word.

I strongly disagree. The DNS is the ultimate authority on whether a domain exists, since the way you create a domain is by making an entry in the DNS. Making existence of a domain depend on a separate registry makes no sense and is inconsistent with longstanding practice.

What's happening here is that the COM and NET zones were supposed to reflect their respective registries, but Verisign is adding records to the DNS that are not in the registry. This is fraud.

> There are
> plenty of network address objects in use - in routing tables - that
> are not in the reverse DNS map.

That's not the same thing at all. DNS is not the authority for whether a device is connected to the net. DNS is the authority on whether a DNS name exists.