Comment 2 for bug 1471159

Kiall Mac Innes (kiall) wrote :

Hey, so we have three different things here; I'll address the first two now.

> (a) The first-come-first-served nature of domain ownership allows one tenant to create a domain which another tenant plans to manage with Designate. This prevents the other tenant from using Designate. If the other tenant proceeds to move the domain to Designate, the first tenant has hijacked control of the domain.

Correct. This is something every DNS provider struggles with; there is just no mechanism for implementing this other than as a manual support process, which we could include in Designate. I'm aware of one provider who has managed this, CloudFlare, whereby they assign each zone two NS records out of a larger pool of available NS records. When the zone delegation is updated, they identify the "true" owner and activate the appropriate zone based on matching of the assigned NSs to the delegation.

They have a good write up on this here: https://blog.cloudflare.com/whats-the-story-behind-the-names-of-cloudflares-name-servers/

All that said, I don't believe this is something we should implement in Designate. DNS providers have dealt with this issue successfully for years as a manual process. We should however include a description of this within the docs.

> (b) Registration of second-level public suffixes such as “co.uk” is not blocked. If a tenant creates such domains, no one else can create subdomains under that, including legitimate domain names such as “example.co.uk”.

Designate includes functionality to protect against this, where the list of TLDs (we call co.uk etc. a TLD, even if it's not technically accurate) can be imported and treated as such. We should ensure the documentation encourages deployers to keep the list of TLDs up to date, using a source such as the IANA TLD list (for true single-label TLDs), and the Mozilla-sponsored "Public Suffix List" https://publicsuffix.org/list/public_suffix_list.dat for co.uk-style "TLDs".

Beyond this, there is little we can do. We have no way of knowing if "foo.uk" will become a TLD or a standard zone in the future... :(
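A sketch of the NS-pool ownership check described in comment 2, added here as an illustration and not Designate's or CloudFlare's code: the pool names, the `ZoneClaims` class and the exact-set matching rule (a delegation must name exactly the assigned pair) are assumptions.

```python
import itertools
from typing import Dict, FrozenSet, List, Optional

# Constructed pool of name-server names; a real provider uses a far larger pool.
NS_POOL = ["ns1.example-dns.test", "ns2.example-dns.test",
           "ns3.example-dns.test", "ns4.example-dns.test"]


def _norm(name: str) -> str:
    """Lower-case and add the trailing dot so 'Example.ORG' == 'example.org.'."""
    return name.rstrip(".").lower() + "."


def assign_ns_pair(zone: str, taken: List[FrozenSet[str]]) -> FrozenSet[str]:
    """Return the first pool pair not yet handed to another claimant of this zone,
    so two tenants claiming the same zone never share an NS pair."""
    for a, b in itertools.combinations(NS_POOL, 2):
        pair = frozenset((a, b))
        if pair not in taken:
            return pair
    raise RuntimeError(f"NS pool exhausted for zone {zone}")


class ZoneClaims:
    """Tracks competing claims on a zone; none is active until the parent
    delegation points at exactly one claimant's assigned NS pair."""

    def __init__(self) -> None:
        self.claims: Dict[str, Dict[str, FrozenSet[str]]] = {}  # zone -> tenant -> pair

    def claim(self, zone: str, tenant: str) -> FrozenSet[str]:
        by_tenant = self.claims.setdefault(_norm(zone), {})
        if tenant not in by_tenant:  # repeat claims keep the original pair
            by_tenant[tenant] = assign_ns_pair(zone, list(by_tenant.values()))
        return by_tenant[tenant]

    def resolve_owner(self, zone: str, delegation_ns: List[str]) -> Optional[str]:
        """Return the tenant whose pair equals the observed delegation NS set.
        A partial match (one of two servers) or an unknown set activates nobody,
        so the zone stays pending rather than being handed to the wrong tenant."""
        observed = frozenset(_norm(ns) for ns in delegation_ns)
        matches = [t for t, pair in self.claims.get(_norm(zone), {}).items()
                   if frozenset(_norm(ns) for ns in pair) == observed]
        return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    zc = ZoneClaims()
    a, b = zc.claim("example.org", "tenant-a"), zc.claim("example.org", "tenant-b")
    print(sorted(a), sorted(b), zc.resolve_owner("example.org", list(b)))
```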