Re: Deployment of standards compliant nameservers


 



In message <6.2.5.6.2.20130522123025.0b3efed0@xxxxxxxxxxxx>, SM writes:
> At 05:56 22-05-2013, Moriarty, Kathleen wrote:
> >providers.  While tying this to contracts seems like a good idea, 
> >that is out of our hands at the IETF.  If we went down the path of 
> >enforcement through contracts, I wouldn't view this as picking 
> >fights, but rather a proactive service to 'help' customers.  Having 
> >said that, I think if we can improve the applications that 
> >generate their DNS files, it would be more effective long 
> >term.  While some teams are technical enough to validate their own 
> >DNS, others prefer more full service applications.
> >
> >Maybe a review of existing applications would be helpful for the 
> >community?  I just see the following on Wikipedia:
> >http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software
> >and
> >http://en.wikipedia.org/wiki/DNS_management_software
> >
> >How about adding a column for compliance to RFCs?  Or a description 
> >that makes people
> 
> RFC 1035 is updated by 24 RFCs.  There are a few errata which have 
> been filed.  The topic says "standards compliant".  Which standard(s) 
> does that refer to?  I read "compliance to RFCs", which RFCs does the 
> implementation have to comply with?
 
RFC 1034 and RFC 1035.  I've tried to capture the reason why I started
this thread in:
http://tools.ietf.org/html/draft-andrews-dns-no-response-issue-01

Basically nameservers are supposed to reply to queries directed at
them.  RFC 1034 and RFC 1035 have enough error codes that you
should be able to reply to every query sent to them.   You don't
have to return the data.  You don't even have to understand the
query.  You do have to respond.

So if the message is 12 octets or bigger and the QR bit is set to
1 you should be able to respond.  RFC 1034 and RFC 1035 have a
response code for *every* possible message you receive.

> It has been mentioned [1] on this mailing list that:
> 
>    "But there was no energy to get the work done and the drafts languished
>     for months without any changes.  It still seems a worthwhile project,
>     but there is no evidence that we have a population interested enough
>     to do the work."
> 
> If the IETF discusses contracts the discussion will evolve into 
> turf wars (an acrimonious dispute between rival groups over territory 
> or a particular sphere of influence).  The interesting point in the 
> message (quoted above) is about providing information so that people 
> can assess what's good or bad.  In my opinion it's doable (note that 
> I am leaving out a few minor details :-)).
> 
> At 07:00 22-05-2013, John C Klensin wrote:
> >I wouldn't suggest trying to mandate anything top-down.  If
> >nothing else, ICANN's track record for being able to enforce its
> >mandates is very poor (and that is arguably a good thing).  On
> 
> :-)
> 
> >the other, we talk a lot about reputations and the advantages of
> >end sites being able to base policies on them.   If whatever the
> >actual restrictions that, according to Stephane, forbid TLDs
> >from imposing "we require you to have a competent nameserver and
> >will test" were removed then, especially with the coming huge
> >increase in TLDs, it would make it possible for registries to
> >compete on the degree to which they wanted to offer assurances
> >of quality DNS servers and services in subsidiary zones.
> 
> Yes.  I gather that domain names are registered to advertise services 
> and that these services rely on working nameservers.
> 
> I was reading the following [2] (the reader is cautioned against 
> drawing hasty conclusions):
> 
>    "AFNIC (The sole registrar of .fr domains) does not follow the ICANN
>     policies for name server queries."
> 
> Here's a gem:
> 
>    "Other registrars are fully able to query our name servers on TCP port 43
>    (the ICANN required port)."
> 
> Nameservers hosting Icelandic domains (.IS domains) must comply with 
> requirements [3].
> 
> More reading [4]:
> 
>    "The .DE registry has certain requirements for nameservers that can be
>     applied to .DE domains. Some of those requirements are that the
>     nameserver IP addresses must be in separate class C networks, and that
>     the nameserver must provide SOA."
> 
> For .NL domains, the nameservers must comply with the registry 
> requirements [5].
> 
> People put more effort and money in trademarking strings than making 
> the strings work.
> 
> Regards,
> -sm
> 
> 1. http://www.ietf.org/mail-archive/web/ietf/current/msg79409.html
> 2. https://my.bluehost.com/cgi/help/536
> 3. http://www.isnic.is/en/host/req
> 4. http://www.namecheap.com/support/knowledgebase/article.aspx/294/
> 5. http://www.opensrs.com/docs/opensrsrwi/nl_dns_requirements.htm 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx
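
An added example, not part of the original message and not ISC code: the point argued above, that a server can always answer a query carrying a full 12-octet header by choosing an RFC 1035 response code, even when it cannot parse the question or will not serve the data. The function names, the sample query, and the choice of REFUSED for a well-formed query are assumptions of this example.

```python
import struct
from typing import Optional

# RCODE values defined in RFC 1035 section 4.1.1
FORMERR, NOTIMP, REFUSED = 1, 4, 5

# Constructed sample: standard query for example.com A/IN, ID 0x1234, RD set.
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
                + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))

def question_end(msg: bytes) -> Optional[int]:
    """Return the offset just past the first question, or None if malformed."""
    pos = 12
    while True:
        if pos >= len(msg):
            return None                  # name runs off the end of the message
        length = msg[pos]
        pos += 1
        if length == 0:
            break                        # root label terminates the name
        if length & 0xC0 or pos - 12 + length > 254:
            return None                  # pointer/reserved bits, or name over 255 octets
        pos += length
    return pos + 4 if pos + 4 <= len(msg) else None   # room for QTYPE + QCLASS

def minimal_reply(msg: bytes) -> Optional[bytes]:
    """Build a reply for any query, even one this server cannot parse or serve."""
    if len(msg) < 12:
        return None                      # no complete header, so no ID to echo
    ident, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000:
        return None                      # RFC 1035 4.1.1: QR=1 is a response; never answer one
    opcode = (flags >> 11) & 0xF
    end = question_end(msg) if qdcount == 1 else None
    if opcode != 0:
        rcode, end = NOTIMP, None        # only the standard QUERY opcode is handled here
    elif end is None:
        rcode = FORMERR                  # could not make sense of the question
    else:
        rcode = REFUSED                  # understood, but no data is served for it
    # QR=1, echo opcode and RD, set RCODE; echo the question only when it parsed.
    out_flags = 0x8000 | (opcode << 11) | (flags & 0x0100) | rcode
    header = struct.pack("!HHHHHH", ident, out_flags, 1 if end else 0, 0, 0, 0)
    return header + (msg[12:end] if end else b"")
```

Every reply built this way is no longer than the query it answers, so responding to unparseable traffic does not turn the server into an amplifier.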



