TLDs should always be Delegation Only

[Chuck Anderson <cra@xxxxxxx>]

I agree with the conclusions of the SSAC Report on Dotless Domains,
and would like to see rules that require all TLDs to be so-called
"Delegation Only" where they only contain Resource Records related to
the structure of DNS, e.g. SOA, NS, and related DNSSEC records at the
zone apex.  All other record types such as A, AAAA, MX, SRV, LOC,
etc. should not be allowed in TLDs as they would present a significant
risk to the security and stability of the DNS.

The security issues are an especially compelling reason to disallow
dotless domains.  The implementation of the trusted Intranet zone of
Windows & the existing practice of issuing HTTPS certificates for
"local use" Common Names that don't contain a dot are especially
worrying, as their historical security assumptions would be subverted,
leading to serious security and privacy breaches.

Chuck Anderson
Network Engineer
Worcester Polytechnic Institute