ietf

Re: [Fwd: [Asrg] Verisign: All Your ...

2003-09-17 14:21:39

I strongly disagree.  The DNS is the ultimate authority on whether a
domain exists, since the way you create a domain is by making an
entry in the DNS.    Making existence of a domain depend on a
separate registry makes no sense and is inconsistent with
longstanding practice.

No, the ultimate authority of whether a domain exists is the registry
of domain names. 

There is no registry of domain names; there are only registries for a
few zones.   You could claim that the registry for the other zones is
in a zone file somewhere, and that's the ultimate authority for that
zone, but that would be a stretch.  If a domain isn't listed in DNS then
practically speaking it does not exist. (LLMNR might change that if they
ever make it reasonable enough to use - I will reserve judgement on the
latest draft until I have read it).

Even if the domain might not be in DNS but still be in the registry for
that zone, and there were a way to query that registry, would you expect
apps to special-case handling of the zones that were defined by
registries?  Given that they couldn't get the RRs for that domain
anyway, what would be the point of their doing so?

We've got ~16 years of history that says that NXDOMAIN means that the
domain does not exist, that is fully consistent with the protocol
specifications and which is built into apps.  Changing this behavior
would be incompatible with all that code, and VeriSign's attempt to
subvert the COM and NET zones is not a compelling reason to do so.  

Keith

p.s. Now, with something like LLMNR we might someday have a way of
distributing domain names and their RRsets that is separate from DNS,
and it could be very useful for it to do so.  But in order to be viable
it needs to produce results that are consistent with DNS.  We can't have
two different lookup services for the same names producing mutually
inconsistent results.  

Note that this is not the same problem that VeriSign is causing -
VeriSign is uniformly mis-representing the COM and NET registries and
mis-reporting NXDOMAIN error conditions for these zones as successful
queries, which is not the same thing as producing inconsistent results
depending on who is asking.  But it does relate to the question of
whether the DNS is the authority for DNS name information or just a way
of obtaining the information.
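
The following is an added example, not part of the message above: a check built on the NXDOMAIN semantics the message describes. It parses DNS responses for labels chosen to be unregistered and reports whether a zone answers all of them with a shared address instead of NXDOMAIN. The zone name `example`, the probe labels and the address 192.0.2.1 are constructed sample values.

```python
import ipaddress, struct

NOERROR, NXDOMAIN = 0, 3

def build_response(qname, rcode, addrs=()):
    """Constructed sample data: a minimal DNS response to an A query."""
    qn = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0)
    msg += qn + struct.pack("!HH", 1, 1)                  # QTYPE=A, QCLASS=IN
    for a in addrs:                                       # owner = pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.IPv4Address(a).packed
    return msg

def skip_name(msg, off):  # returns the offset just past the (possibly compressed) name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:                       # compression pointer ends it
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_response(msg):
    """Return (rcode, [A-record addresses]) for a DNS response message."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                     # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return flags & 0xF, addrs

def zone_masks_nxdomain(probe_responses):
    """True when every probe of an unregistered name got NOERROR and a shared address."""
    common = None
    for msg in probe_responses:
        rcode, addrs = parse_response(msg)
        if rcode != NOERROR or not addrs:
            return False                                  # an honest negative answer
        common = set(addrs) if common is None else common & set(addrs)
    return bool(common)

# Constructed probes under a placeholder zone (192.0.2.0/24 is TEST-NET-1).
HONEST = [build_response(f"{lab}.example", NXDOMAIN) for lab in ("qz8kf2x", "m3vw9pt", "zz0aa1b")]
SYNTH = [build_response(f"{lab}.example", NOERROR, ["192.0.2.1"]) for lab in ("qz8kf2x", "m3vw9pt", "zz0aa1b")]
```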