IETF Logo Mail Archive

Re: [dnsext] Failure to add glue MUST cause TC to be set.

Brandon Black <blblack@gmail.com> Sun, 20 February 2011 20:14 UTC

Return-Path: <blblack@gmail.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 93A213A6CCA for <dnsext@core3.amsl.com>; Sun, 20 Feb 2011 12:14:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fdj7qPmNbMSX for <dnsext@core3.amsl.com>; Sun, 20 Feb 2011 12:14:14 -0800 (PST)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by core3.amsl.com (Postfix) with ESMTP id 0340A3A6CFB for <dnsext@ietf.org>; Sun, 20 Feb 2011 12:14:13 -0800 (PST)
Received: by yxd39 with SMTP id 39so611652yxd.31 for <dnsext@ietf.org>; Sun, 20 Feb 2011 12:14:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=WMR+zIaDmXYQs8hzbObglgKhwcdp/eqcQQMwKwmdolA=; b=XDUfP4G9WjwB9ogej7IcEr2pK7gSBkICem/soEhHwfCLVvoyxZ3nzGmzPBykotNO0n gFhKD18dcjjgoLMc+UcJznygUhM84q6IRVyxawSxavNkkGqbrWjGPxu0WkiOSfDD4R5I lElBqsIgKNtmHUKlffgRPtB61pRVP1vQqPhyQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=twp+1dapWESK+X4T7PfiGmlLE4oVqYU1NVhBd/WdwngRBfYewwatK4E/Gin0T4Ngus bMCdOnK3ZUV+AZHFblv3aJv3OPN1LL4OHb+7fJqTdihIejjes78fLZqYDmp6od2eJDdK E1sVnzCiPD4l5D4X7fHzzNLRsZfT0nLMHep2k=
MIME-Version: 1.0
Received: by 10.100.58.14 with SMTP id g14mr38882ana.199.1298232892150; Sun, 20 Feb 2011 12:14:52 -0800 (PST)
Received: by 10.101.68.7 with HTTP; Sun, 20 Feb 2011 12:14:52 -0800 (PST)
In-Reply-To: <30899A4A-833B-42EF-9850-AFEE8B8DBE02@dotat.at>
References: <20110219210716.72943A5602B@drugs.dv.isc.org> <11263.1298150425@nsa.vix.com> <20110220072916.GA3505@vacation.karoshi.com.> <30899A4A-833B-42EF-9850-AFEE8B8DBE02@dotat.at>
Date: Sun, 20 Feb 2011 14:14:52 -0600
Message-ID: <AANLkTimNujeo6KiJ4wqUU-b3qyjozVmDvR8M3XNsfmKx@mail.gmail.com>
From: Brandon Black <blblack@gmail.com>
To: Tony Finch <dot@dotat.at>
Content-Type: text/plain; charset="UTF-8"
Cc: "bmanning@vacation.karoshi.com" <bmanning@vacation.karoshi.com>, "dnsext@ietf.org" <dnsext@ietf.org>
Subject: Re: [dnsext] Failure to add glue MUST cause TC to be set.
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Feb 2011 20:14:15 -0000

On Sun, Feb 20, 2011 at 12:48 PM, Tony Finch <dot@dotat.at> wrote:
> On 20 Feb 2011, at 07:29, bmanning@vacation.karoshi.com wrote:
>
> doesn't that cause some tension - two zones being authoritative for the
> same data?
>
> No, because a parent zone is not authoritative for NS and glue address
> records at and below a delegation point.

Isn't this really a matter of semantics?  The parent zone is
authoritative for everything beneath itself, even if it choses to use
that power of authority to give a delegation response.  e.g. the .com
servers are authoritative for www.example.com, but they choose to
delegate that answer to the NS for example.com.  If example.com's
nameservers are in-bailiwick (e.g. ns1.example.com) there's no
conflict here and the parent can (and in fact, must) provide
authoritative glue.  If example.com's nameservers are somewhere
underneath .org, there's not much point in providing the glue, as a
secure resolver wouldn't believe you anyways.

v2.23.0 | Report a Bug | By Email