Skip to content

Add test enforcing host references in redemption domains#3109

Merged
gbrodman merged 1 commit into
google:masterfrom
gbrodman:domainRestoreReferentialIntegrity
Jun 26, 2026
Merged

Add test enforcing host references in redemption domains#3109
gbrodman merged 1 commit into
google:masterfrom
gbrodman:domainRestoreReferentialIntegrity

Conversation

@gbrodman

@gbrodman gbrodman commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Domains in the redemption grace period can still be restored, so hosts
referencing them cannot be deleted. Fortunately this is already the
case. This just adds a test.

This change is Reviewable

@CydeWeys

CydeWeys commented Jun 25, 2026

Copy link
Copy Markdown
Member

You can't outsource all your thinking to the AI ...

We can't prohibit a domain restore operation during the redemption grace period. It's part of our mandated ICANN lifecycle. The resolution that makes sense to me is restoring the domain, but with the now-deleted host(s) removed. The domain has to be restorable, then it's up to the registrar to put new nameservers on it that are still valid.

@gbrodman

gbrodman commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator Author

You can't outsource all your thinking to the AI ...

We can't prohibit a domain restore operation during the redemption grace period. It's part of our mandated ICANN lifecycle. The resolution that makes sense to me is restoring the domain, but with the now-deleted host(s) removed. The domain has to be restorable, then it's up to the registrar to put new nameservers on it that are still valid.

I'm a bit insulted that you'd think I outsourced my thinking to the AI.

It's not as clear as that. The RFCs also forbid changing a domain as part of a domain:restore.

From 3915 4.2.5:
"
The requirement to provide at least one domain:add, domain:rem, or domain:chg element is updated by this extension such that at least one empty domain:add, domain:rem, or domain:chg element MUST be present if this extension is specified within an command. This requirement is updated to disallow the possibility of modifying a domain object as part of redemption grace period recovery processing.
"

And generally it's better to have loud failures than quiet modifications.

@gbrodman
Add test enforcing host references in redemption domains
556f1fa 
Domains in the redemption grace period can still be restored, so hosts
referencing them cannot be deleted. Fortunately this is already the
case. This just adds a test.
@gbrodman gbrodman force-pushed the domainRestoreReferentialIntegrity branch from 901230e to 556f1fa Compare June 25, 2026 20:43
@gbrodman

gbrodman commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator Author

This is moot. We forbid host deletion. But just in case this'll add a test.

@gbrodman gbrodman changed the title Enforce host existence on domain restore Add test enforcing host references in redemption domains Jun 25, 2026
@gbrodman gbrodman requested a review from CydeWeys June 25, 2026 20:44
CydeWeys
CydeWeys approved these changes Jun 26, 2026
View reviewed changes

@CydeWeys CydeWeys left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@CydeWeys reviewed 1 file and all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on gbrodman).

@gbrodman gbrodman added this pull request to the merge queue Jun 26, 2026
Merged via the queue into google:master with commit 403c7ad Jun 26, 2026
16 checks passed
@gbrodman gbrodman deleted the domainRestoreReferentialIntegrity branch June 26, 2026 20:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CydeWeys CydeWeys CydeWeys approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gbrodman @CydeWeys