IETF Logo Mail Archive

Re: [dnsext] Name equivalence: Another no protocol change solution

Niall O'Reilly <Niall.oReilly@ucd.ie> Mon, 13 September 2010 19:20 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 43E5B3A6A70; Mon, 13 Sep 2010 12:20:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.998
X-Spam-Level:
X-Spam-Status: No, score=-5.998 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, J_CHICKENPOX_55=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xs0icbAgxijC; Mon, 13 Sep 2010 12:20:26 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id D070F3A69F9; Mon, 13 Sep 2010 12:20:25 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.72 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1OvEVV-000Dhh-5s for namedroppers-data0@psg.com; Mon, 13 Sep 2010 19:16:01 +0000
Received: from mailhub.ucd.ie ([193.1.169.37] helo=cali.ucd.ie) by psg.com with esmtps (TLSv1:RC4-MD5:128) (Exim 4.72 (FreeBSD)) (envelope-from <Niall.oReilly@ucd.ie>) id 1OvEVS-000DhC-6z for namedroppers@ops.ietf.org; Mon, 13 Sep 2010 19:15:58 +0000
Received: from conversion-daemon.cali.ucd.ie by cali.ucd.ie (Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005)) id <0L8P002019H6QD00@cali.ucd.ie> (original mail from Niall.oReilly@ucd.ie) for namedroppers@ops.ietf.org; Mon, 13 Sep 2010 20:15:54 +0100 (IST)
Received: from [10.0.1.177] (bark.no8.be [83.141.81.52]) by cali.ucd.ie (Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005)) with ESMTPSA id <0L8P0014M9IHSY10@cali.ucd.ie>; Mon, 13 Sep 2010 20:15:54 +0100 (IST)
Date: Mon, 13 Sep 2010 20:15:57 +0100
From: Niall O'Reilly <Niall.oReilly@ucd.ie>
Subject: Re: [dnsext] Name equivalence: Another no protocol change solution
In-reply-to: <1B0679E8FE7160C3E91E246B@Ximines.local>
To: Alex Bligh <alex@alex.org.uk>
Cc: namedroppers@ops.ietf.org
Message-id: <4C8E786D.7070105@ucd.ie>
MIME-version: 1.0
Content-type: text/plain; format="flowed"; charset="UTF-8"
Content-transfer-encoding: 7bit
References: <C0F55485EA77FDF78E9B0398@Ximines.local> <4C8E266D.3070702@ucd.ie> <952FA12530B5693E36B03554@Ximines.local> <4C8E399F.8090300@ucd.ie> <C1D6C4E4CDAB83BE68BE10B0@Ximines.local> <4C8E4B65.5030402@ucd.ie> <9C2DE15E0F640A9D041DD421@Ximines.local> <4C8E530F.1050009@ucd.ie> <1B0679E8FE7160C3E91E246B@Ximines.local>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-IE.utf8; rv:1.9.1.12) Gecko/20100826 Thunderbird/3.0.7
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>

	Alex,

On 13/09/10 17:49, Alex Bligh wrote:
> Right, and the coexistence of those other records is the problem, yes?
> If so, I wrote:
>> 1. Apparent pseudo-regulatory requirement to ensure TLDs operate with
>> recursive sameness. This is making TLD1 == TLD2.
> ...
>> Problem 1 can, it seems to me, be solved by DNAME. DNAME only doesn't
>> do the job when there is a record at the apex, because DNAME+CNAME
>> can't coexist. Few if any TLDs have records at their apexes.
>
> By assumption (last sentence) there are no records that need to
> be at b2.

	I don't see how that "last sentence" applies to a delegated
	zone apex or to its mirror images under "sameness".

> IE I am assuming problem 1 (need for recursive sameness beyond
> that which provisioning could give us) only applies in circumstances
> where coexisting records do not exist. So far the only use
> people who have said "provisioning doesn't work for this" are
> TLDs.

	I think you may be missing what they mean when they make that
	statement.  I don't believe it's the provisioning of a handful
	of equivalent TLD zones that gives them cause to say this.
	That can't be beyond the intellectual and material resources
	of a TLD registry.

	Their trouble with provisioning, as I understand it, lies not
	between them and the root, or within their own bundle of
	equivalent TLD zones, but between them and their registrants,
	to whom they want to be able to offer a group of domains which
	are dependably coupled, and remain so without extraordinary
	requirements for expertise and effort on the part of the
	registrants or their agents (registrars, DNS hosting providers).

	What the TLD registries appear to need is a means to tie a
	whole bundle together so that it can be managed by or for the
	registrant with no more trouble than if a single, traditionally
	delegated zone were involved.  Parallel delegation is easy for
	the TLD registry, but burdensome for the registrant.  Pseudo-
	delegation using DNAME in the TLD zone in parallel with a zone
	cut deprives the registrant of the means to populate all but one
	of the supposedly equivalent apices (apexes?).  Provisioning
	offers only these two approaches today, and so doesn't support a
	credible service for TLD registries to offer to their particular
	communities.

	Of course I'm projecting my notion of somebody else's problem.
	It would be helpful if one or other of those somebodies would
	confirm what they mean by "provisioning doesn't work for this".
	I'll be quite content to learn that I'm wrong, should that be
	how it turns out, because we'll have gained some clarity.

	Niall O'Reilly

v2.23.0 | Report a Bug | By Email