<div dir="auto">+1, Dr Eberhard,<div dir="auto">Kind regards. </div><div dir="auto">Gabdibé</div><div dir="auto"><br><div data-smartmail="gmail_signature" dir="auto">Gabd ibé GAB-HINGONNE<br>Tel: (+235) 66 24 95 56/99 24 95 56<br>Skype: live:gabdibegabhingonne<br>E-mail : <a href="mailto:gabdibegabhingonne@yahoo.fr">gabdibegabhingonne@yahoo.fr</a><br><a href="mailto:gabdibegabhingonne@gmail.com">gabdibegabhingonne@gmail.com</a></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le lun. 13 janv. 2020 20:36, Dr Eberhard W Lisse <<a href="mailto:el@lisse.na">el@lisse.na</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Gabdibé,<br>
<br>
drafting a resolution (beforehand), or even debating a resolution, is <br>
going to achieve absolutely nothing.<br>
<br>
Mark,<br>
<br>
50% lookups is actually almost worth than zero :-)-). <br>
<br>
And how many of those hit infrastructure actually in South Africa?<br>
Does the figure include the public ones from Google and Cloudflare?<br>
<br>
My view is that this only works All-or-Nothing, because noncompliant<br>
commercial resolver operators have a commercial advantage over<br>
complaint ones.<br>
<br>
Financial incentives may work as may financial or other sanctions.<br>
<br>
One could even make it part of the Accreditation that DNSSEC must be<br>
offered by the Registrars.<br>
<br>
But while the Registrars are usually the entities operating the DNS<br>
and as such have control over the end-user's DNS anyway, the chain<br>
of trust should go up to the end user and not just the Registrar.<br>
<br>
Talking to the banks has so far not been very effective, they are<br>
happy with HTTPS even though they forget to renew their certificate<br>
on a regular basis, never mind the expense.<br>
<br>
I don't have the answer either.<br>
<br>
If anyone has a technical "solution" or project going on, and is coming <br>
to Cancun, please feel free to propose a presentation at TechDay on the <br>
Monday.<br>
<br>
greetings, el<br>
<br>
On 10/01/2020 15:26, Mark Elkins wrote:<br>
> I also like the sound of Barrack's proposal. What exactly does "DNS<br>
> Abuse" mean though?<br>
> <br>
> If it is to try and get all important Domains DNSSEC Signed and for<br>
> all DNS Resolvers to become DNSSEC aware - that would be a winner in<br>
> my book!<br>
> <br>
> Incidentally - about 50% of all DNS lookups in South Africa are DNSSEC<br>
> aware. That's actually the easy bit. Just have the Internet<br>
> Connection suppliers enable DNSSEC on their resolvers.<br>
> <br>
> Getting the bulk or at least the important Domains DNSSEC Signed will<br>
> be a bit more challenging but is quite possible; e.g. any domain for a<br>
> website which may involve a financial transaction or deal with<br>
> personal information.<br>
> <br>
> On my Domain Registration and Hosting Platform, if I am running the<br>
> Registrants DNS (Zone file), DNSSEC is simply an option the Registrant<br>
> can switch on. I could change that and simply enable it for everyone.<br>
> However, if the Domain is then moved to a Registrar that does not<br>
> support DNSSEC - there would be issues for the new Registrar.<br>
> <br>
> On 2020/01/10 14:20, Gabdibé GAB-HINGONNE wrote:<br>
>> Dear All,<br>
>> I support Barrack's proposal.<br>
>> Building the capacity of African end users on the general question<br>
>> related to the DNS is very important.<br>
>> Kind regards<br>
>> Gabdibé<br>
>><br>
_______________________________________________<br>
AFRI-Discuss mailing list<br>
<a href="mailto:AFRI-Discuss@atlarge-lists.icann.org" target="_blank" rel="noreferrer">AFRI-Discuss@atlarge-lists.icann.org</a><br>
<a href="https://atlarge-lists.icann.org/mailman/listinfo/afri-discuss" rel="noreferrer noreferrer" target="_blank">https://atlarge-lists.icann.org/mailman/listinfo/afri-discuss</a><br>
<br>
Homepage for the region: <a href="http://www.afralo.org" rel="noreferrer noreferrer" target="_blank">http://www.afralo.org</a><br>
<br>
Posting guidelines to ensure machine translations of emails sent to this list are more accurate: <a href="http://www.funredes.org/mistica/english/emec/method_emec/presentation.html#anexo1" rel="noreferrer noreferrer" target="_blank">http://www.funredes.org/mistica/english/emec/method_emec/presentation.html#anexo1</a><br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy" rel="noreferrer noreferrer" target="_blank">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://www.icann.org/privacy/tos" rel="noreferrer noreferrer" target="_blank">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</blockquote></div>