> > I strongly disagree. The DNS is the ultimate authority on whether a > > domain exists, since the way you create a domain is by making an > > entry in the DNS. Making existence of a domain depend on a > > separate registry makes no sense and is inconsistent with > > longstanding practice. > > No, the ultimate authority of whether a domain exists is the registry > of domain names. There is no registry of domain names; there are only registries for a few zones. You could claim that the registry for the other zones is in a zone file somewhere, and that's the ultimate authority for that zone, but that would be a stretch. If a domain isn't listed in DNS then practically speaking it does not exist. (LLMNR might change that if they ever make it reasonable enough to use - I will reserve judgement on the lastest draft until I have read it). Even if the domain might not be in DNS but still be in the registry for that zone, and there were a way to query that registry, would you expect apps to special-case handling of the zones that were defined by registries? Given that they couldn't get the RRs for that domain anyway, what would be the point of their doing so? We've got ~16 years of history that says that NXDOMAIN means that the domain does not exist, that is fully consistent with the protocol specifications and which is built into apps. Changing this behavior would be incompatible with all that code, and VeriSign's attempt to subvert the COM and NET zones is not a compelling reason to do so. Keith p.s. Now, with something like LLMNR we might someday have a way of distributing domain names and their RRsets that is separate from DNS, and it could be very useful for it to do so. But in order to be viable it needs to produce results that are consistent with DNS. We can't have two different lookup services for the same names producing mutually inconsistent results. Note that this is not the same problem that VeriSign is causing - VeriSign is uniformly mis-representing the COM and NET registries and mis-reporting NXDOMAIN error conditions for these zones as successful queries, which is not the same thing as producing inconsistent results depending on who is asking. But it does relate to the question of whether the DNS is the authority for DNS name information or just a way of obtaining the information.