NymNom domains no longer resolve _psl section

[sleevi]

NymNom domains were added in #425 / #640 / #771 / #823 / #940 , as recently as 2019, largely by @DaveMcCormack

However, nymnom appears to be defunct - https://nymnom.com no longer resolves, and as pointed out in #1349 , this expiration has now been used to abuse the PSL contrary to the Guidelines

Unfortunately, in the situation highlighted by #603 , ownership of (at least some of) the domains has transferred. While, at present, these domains do not have _psl TXT records, it's entirely possible that as part of the abuse in #1349 , the new owner may add that record back in order to thwart efforts to remove.

I'd like to suggest removing all of the NymNom domains. If we opt to keep them, it seems at least consistent with the guidelines to remove the abusive cases, as we have in the past.

[sleevi]

@sirdarckcat FYI, because unfortunately, I think this use case is very problematic.

[sirdarckcat]

did you mean to point to #1349 ?

[sleevi]

D’oh, yes.

[sirdarckcat]

For nom.gd at the very least I can make it so that it doesn't do what the guidelines say not to do haha :). For the generic expired case situation, I imagine we need to expire them all (or none).

[sleevi]

Yeah, the issue (and has come up in the past) is that there are plenty of domains - like this nom.gd case - where the domain is registered, but transferred hands. The preference was to use _psl as the test, although that will impact those domains that predate that.

However, I do believe that’s separable; we have a potentially clear case here to take action on, independent of the larger problem.

[dnsguru]

@sleevi I did a fast - pass DNS review and cleared out the names that are non-resolving, NXD, SERVFAIL or other fastfails.

Folks adding stuff pretty much move on once they get their entry added to the PSL, and don't clean up after themselves.

This puts some burden on us when it happens to clean up after them. It chewed cycles to do with any reasonable elegance in the pursuit of not disrupting anything that might have remained that could be legit, should it exist.

Honestly, I think the right thing to do is to clear the entire NymNom section out and let them submit a new PR. At first I thought that was me being punative, but candidly a bit of fear that everything gets cleared out may be an effective way to reduce the set and forget attitude and would likely keep people engaged to maintain their section as they update things.

Doesn't solve for business failures or smooth entrepreneurs from moving on to the next project and being all 'new phone, who dis?' about prior project debris.

Anyways, can you review the PR #1383 ? If you think just clearing nymnom is the right thing, suggest the change when reviewing and I'll do it.

[dnsguru]

@sleevi

I am going to clear out the whole nymnom section.

This would allow nymnom, if still operating, to submit any names that they would like to restore service for.

This is a regrettable situation, but rather than wait and see how the project stakeholders want to proceed here, I am thinking that clearing out the entire nymnom section is the right approach to take.

Rather than iterative crumble reactions, which are taking volunteer bandwidth that is really not available. I can't sit and monitor stuff like this and am concerned that leaving the remaining entries is only a matter of time before they will expire, so we leave open a door that should be closed.

We'll err on the side of more security and stability in this situation, and nymnom should have more vigilance in any case to be renewing and maintaining their entries.

Hopefully, future eyes will see this issue and be less 'set and forget' about the sections that they submit.