Re: [DNSOP] Questions on draft-ietf-dnsop-delegation-only

Thu, 30 Jul 2020 14:55:43 -0700 

On 30/07/2020 15:44, Brian Dickson wrote:




On Thu, Jul 30, 2020 at 1:21 PM Joe Abley <jab...@hopcount.ca 
<mailto:jab...@hopcount.ca>> wrote:



    $ORIGIN ORG.

    BADDOMAIN NS ...
    BADDOMAIN NS ...
    NS1.BADDOMAIN A 192.0.2.1

    GOODDOMAIN NS NS1.BADDOMAIN.ORG <http://NS1.BADDOMAIN.ORG>.
    GOODDOMAIN NS ...

    If BADDOMAIN.ORG <http://BADDOMAIN.ORG> is suspended (or if the
    domain is suppressed for some equivalent reason) then the zone cut
    betwen ORG and BADDOMAIN.ORG <http://BADDOMAIN.ORG> will be removed
    (the BADDOMAIN.ORG <http://BADDOMAIN.ORG> NS set will disappear) but
    the A record above will remain, since it is linked to another
    domain, GOODDOMAIN.ORG <http://GOODDOMAIN.ORG>, that depends upon
    it. Without a zone cut, that makes the ORG servers authoritative for
    the A record.

    To a certain extent, this behaviour is a consequence of (a) the
    venerable operaetional need to suspend domains because they have
    been implicated in abuse and (b) the EPP data model used in the ORG
    registry, which itself has its origins in the RRP data model used
    before the re-delegation of ORG to PIR in 2002. As such, it's
    tempting to assert that the behaviour is a contractual requirement
    shared with all other gTLDs that are operated subject to the same
    contract that exists between PIR and ICANN, hence my question about
    applicability.



Yes, this does appear to be driven by EPP (the data model and the RFCs 
for said),



Only if you take the "hosts as objects" case (where any hosts to be used 
as to be provision like a domain but by just providing, in some cases, 
some IP addresses), which is only one of the two, the other being "hosts 
as attributes (of a domain object)"


The problem is similar to the following:

- registrar A is sponsor of domainA.example

- this domain has (not necessarily using them) hosts 
"ns1.domainA.example" and "ns2.domainA.example"

- at some point, registrar B creates domainB.example ...
using ns1.domainA.example and ns2.DomainA.example


Now, registrar A CAN NOT delete domain domainA.example anymore because 
it has "child" nameservers used elsewhere and if he could do that we are 
back to the "orphaned glue records" problem.
It can not for the same reasons delete the nameservers themselves, just 
update their names or IP addresses.


There are various solutions, all bad in some aspects:


- let the registrar A eat the bill (of domainA.example being renewed 
forever) and that is all
- convince registrar B to change the delegations (and no matter what 
amount of garbage you put in the zone server by those nameservers it 
would still not guarantee anything is changed)
- have nameservers be changed in their hostnames, so that after the 
domain can be deleted as not having child nameservers anymore; this 
works only in the "hosts as objects" case above and not always as change 
of hostname is not implemented by all registries or with restrictions 
like not internal->external renaming
(which is also a major arguments by registrars to dislike the hosts as 
attributes case)
- have the registry let the domain be deleted and then have domainB be 
broken (which it is already in a way since the delegations to those 
nameservers can be explicitly made broken; but the difference is between 
registrar A breaking registrar B stuff, or the registry breaking 
registrar B stuff).



However, is it appropriate to discuss the requirement or request to have 
the EPP spec (and contracts) changed, as a topic for DNSOP?


The above problems, for me, are only loosely related to EPP.

You could use any other provisioning protocol (if it existed) and have 
the same problem of DNS management.
The problems comes more from having a single space (the registry 
zonefile) be managed by multiple actors (registrars), collaboratively 
but also in competition.



Or does anyone know if more recent contracts include similar language, 
and what rough order of magnitude of contracts would be impacted?
E.g. If the number of contracts is O(12), vs O(1000), the conversation 
is likely to be very different.



See my other message where I quote ICANN resources where this question 
is part of the application of any 2012-era gTLD operator.



--
Patrick Mevzek

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

























					Reply via email to