[Dnssec-deployment] Publishing DS records in WHOIS
Ed.Lewis at neustar.biz
Fri Jul 30 02:06:52 EDT 2010
At 10:52 +1200 7/30/10, Jay Daley wrote:
>Does anyone have any view on whether registries should publish DS records
>in their WHOIS?
We don't. DNSSEC has nothing to do with WhoIs, in short, from a
systems development point of view, there was no need to have any task
But why list the NS set, isn't that the same thing?
Here's a watery argument. "Shared fate." The DS records are
authoritative in the registry's DNS - if you can't reach that you
also can't get the referral to the registrant's servers. As for the
NS set, it's possible you can't see what the registry has (if the
registrant's zone is also on all of the registry's servers.
Another argument is that the WhoIs is a fallback for a broken DNS set
up, and you might want to try to debug a situation. It's plausible
that you could by hand deal with name servers, but doing validation
by hand probably not.
That's an odd case. But nothing is all that rigorous in WhoIs. I
suppose it wouldn't hurt to add, but on the other hand, we saw no
value in upsetting yet another apple cart when developing.
NeuStar You can leave a voice message at +1-571-434-5468
Spouses, like Internet protocols, lack necessary troubleshooting tools. Sigh.
More information about the Dnssec-deployment