IETF Logo Mail Archive

Re: [dnsext] Possible DNSSECbis clarifications

Joe Abley <jabley@hopcount.ca> Mon, 28 March 2011 13:07 UTC

Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 453EF3A680A for <dnsext@core3.amsl.com>; Mon, 28 Mar 2011 06:07:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gSXx5dglLuNE for <dnsext@core3.amsl.com>; Mon, 28 Mar 2011 06:07:40 -0700 (PDT)
Received: from monster.hopcount.ca (monster.hopcount.ca [IPv6:2001:4900:1:392:213:20ff:fe1b:3bfe]) by core3.amsl.com (Postfix) with ESMTP id 20A843A6803 for <dnsext@ietf.org>; Mon, 28 Mar 2011 06:07:40 -0700 (PDT)
Received: from [2001:df8:0:64:5a55:caff:feec:96bf] by monster.hopcount.ca with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.74 (FreeBSD)) (envelope-from <jabley@hopcount.ca>) id 1Q4CC4-000IN6-Sv; Mon, 28 Mar 2011 13:09:17 +0000
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <018401cbed48$0b8a6ac0$229f4040$@lampo@eurid.eu>
Date: Mon, 28 Mar 2011 15:09:14 +0200
Content-Transfer-Encoding: 7bit
Message-Id: <22FD4CD1-4EFB-412A-A307-485DEBE815CE@hopcount.ca>
References: <4D9042DA.30002@ogud.com> <00a701cbed28$64d1b1d0$2e751570$@lampo@eurid.eu> <EBB9E54E-15F1-46B0-81CB-4B2C7B47D598@hopcount.ca> <018401cbed48$0b8a6ac0$229f4040$@lampo@eurid.eu>
To: Marc Lampo <marc.lampo@eurid.eu>
X-Mailer: Apple Mail (2.1084)
X-SA-Exim-Connect-IP: 2001:df8:0:64:5a55:caff:feec:96bf
X-SA-Exim-Mail-From: jabley@hopcount.ca
X-SA-Exim-Scanned: No (on monster.hopcount.ca); SAEximRunCond expanded to false
Cc: dnsext@ietf.org, 'Olafur Gudmundsson' <ogud@ogud.com>
Subject: Re: [dnsext] Possible DNSSECbis clarifications
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 13:07:41 -0000

On 2011-03-28, at 14:54, Marc Lampo wrote:

> I agree that, if there is a record following that "last SOA", that SOA is
> obviously not the last one of the zone transfert.
> Which brings us to the question :
> Where to put that RRSIG(SOA), knowing that potentially the SOA may change
> between start and end of AXFR.
> (in which case the receiving name server must refuse just downloaded zone
> and attempt AXFR again)

Anywhere between the two SOA records seems sensible to me.


Joe

v2.14.0 | Report a Bug | By Email