[sf-lug] DNS - a most(/best?) persnickety set of requirements and recommendations

[Michael Paoli]

DNS - a most(/best?) persnickety set of requirements and recommendations

Although it's been a while, and I may not be fully current with this
situation, among the multiple registrars, and many (several dozen) TLDs
I've dealt with around the world, the one that was (and likely still
is) the most persnickety on DNS requirements, was for the de TLD.  Our
rule of thumb (and never seemed at all to fail us) where I worked with
these, was so long as it passed all the tests, checks, and requirements
on DNS for de, it would pass and work for any and all TLDs.

Some of the requirements for de go above and beyond what remains
necessary for best practices, but it does make a quite failsafe set of
checks - at least within the scope of what can be remotely checked - to
quite ensure an at least sufficient set of best practices are adhered
to.  E.g. some of their checks on the relative independence of the
nameservers, based upon their IP addresses, may have been fully
applicable once-upon-a-time, but nowadays DNS servers may be quite
redundant and independent without necessarily having the level of IP
separation the de tests require.  In any case, it's a quite good set of
checks to go by and compare against, and if one passes or exceeds that
set of criteria, one has most likely gotten at least that portion of
DNS done quite well (at least insofar as the DNS data and its basic
reachability is concerned).

Anyway, that DNS requirement information can be reviewed (in English),
here:
https://www.denic.de/fileadmin/public/documentation/DENIC-23p_EN.pdf