This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/members-discuss@ripe.net/
[members-discuss] New (silent) reverse dns checks
Jonas Frey
ripe at probe-networks.de
Fri Jun 7 12:20:15 CEST 2019
Hi all,

we just found out that RIPE seems to have silently integrated new checks for reverse delegation of zones. It's no longer possible to add or even change a zone if the nameservers used by them are open recursors. The update will fail.

Yes - open recursors are (sometimes) bad. But there are legitimate reasons to run them (freedom of speech, filtered resources etc). Once properly configured (i.e. queries rate limited) they won't pose a threat.

I wasn't able to find any information on when this was implemented or if this was even voted for (please someone supply me with links if possible).

I don't know of any NIC/registrar that will deny the creation/update of a domain name if the nameservers are recursors. I know that some will warn but none will refuse it. Please fix me if there are some which will indeed deny.

Of course I have created a ticket about this but it all went like "fix the dns or we won't delegate".

So basically this is about 2 things: silently changing checks (if it was indeed silent) and if those checks are really useful or should rather be dropped/changed to warnings.

Regards,
Jonas