## page was renamed from dns-operations/Matt Larson-2 ## page was copied from dns-operations/Matt Larson-1 ## page was copied from dns-operations/Matt Larson からの通告 ## page was renamed from Matt Larson からの通告 Describe Matt Larson からの通告 here. [dns-operations] Upcoming DNS behavior changes to .com/.net/.edu name servers Matt Larson mlarson at verisign.com Fri Jan 8 15:52:56 UTC 2010 {{{ 2. Glue no longer promoted to authoritative status }}} In the .com/.net registry system, a domain can be placed on an administrative hold status. A domain on hold is not published: the NS records delegating the domain are removed from the .com or .net zone. For example, registrars sometimes place a domain on hold if it is about to expire but the registrant has not responded to requests to renew it, or if it is being used for malicious activity. Currently, when a domain is placed on hold, its NS records are removed from the zone but not any of the A and AAAA records of name servers in that domain. For example, consider if the domain "example.com" existed in the registry along with the name server "ns.example.com". (An important note: whether or not the "example.com" zone itself actually uses "ns.example.com" as one of its authoritative name servers is irrelevant to the behavior described here. The important point is that "ns.example.com" is in the "example.com" domain, i.e., below it in the DNS name space.) If the "example.com" domain were placed on hold today, the NS records delegating it would be removed from the .com zone. The A and AAAA records for "ns.example.com" remain in the zone. In fact, since these records are no longer below a delegation point, they are promoted to become authoritative data. {{{ As of March 1, 2010, when a domain goes on hold, the NS records delegating the domain will be removed from the zone, and the A and AAAA records for name servers below the domain will no longer be promoted to authoritative status. }}} These A and AAAA records will not actually be removed: although they will not be returned when queried for directly, they will appear in the additional section of referrals that reference them. In the example above, if "example.com" went on hold, its NS records would be removed from the zone. But if the "example.net" domain uses "ns.example.com" as a name server, a referral response to "example.net" will include the A and AAAA records for "ns.example.com" in the additional section. A principal motivation for this change is DNSSEC. When DNSSEC is deployed in the .com and .net zones, A and AAAA records promoted to authoritative data would have to be signed, resulting in increased complexity for the overall registry system. This change in business logic (where the removal of a domain on hold also affects name servers below that domain) is consistent with the behavior of other top-level domain registries. If you have questions about these changes, you may follow up here, contact me directly, or send email to VeriSign's registry customer service group at info at verisign-grs.com. Matt Larson -- (Two lists of domains follow.)