Re: [dnsext] CDS RRTYPE review - Comments period end Mar 29th

"George Barwood" <george.barwood@blueyonder.co.uk> Wed, 09 March 2011 14:03 UTC

Message-ID: <9A4DC332DAA14CF799351788B087B714@local>
From: "George Barwood" <george.barwood@blueyonder.co.uk>
To: "Scott Schmit" <i.grok@comcast.net>, <dnsext@ietf.org>
References: <C99C3502.72B1%roy@nominet.org.uk><alpine.LSU.2.00.1103082030190.5244@hermes-1.csi.cam.ac.uk> <20110309133017.GA19809@odin.mars.sol>
Date: Wed, 9 Mar 2011 14:04:29 -0000

----- Original Message ----- 
From: "Scott Schmit" <i.grok@comcast.net>
To: <dnsext@ietf.org>
Sent: Wednesday, March 09, 2011 1:30 PM
Subject: Re: [dnsext] CDS RRTYPE review - Comments period end Mar 29th

> Maybe there's another reason to forbid DS on the child side that I've
> overlooked?

Besides the fact that the existing standard forbids it, it does not work.

When you send a DS query to a resolver, it will query the parent zone, so you will not discover the DS RRset for the child. There are probably other reasons why it won't work - for example the BIND signer won't sign a zone with DS records at the apex. It would be chaos.

The data is quite distinct, and you need a way of expressing that in a query.
The proper way is a new RRtype to express that distinction.

George
 
> -- 
> Scott Schmit
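The resolution behaviour George describes, modelled as an added example (this is not code from the thread, from BIND, or from the CDS draft). It builds a constructed three-zone tree: the parent `example.` holds the DS for `child.example.` on its side of the cut, and the child apex holds a CDS RRset plus, deliberately, a stray DS record. The `resolve` helper applies the rule from RFC 4035 Section 2.4: at a delegation point the DS RRset belongs to the parent, so a DS query for the cut name stops at the parent and never reaches the child's copy, while any other type at that name, including a child-side type such as CDS, is answered by the child. All zone contents, digests and helper names are constructed for illustration.

```python
"""Which zone answers a query at a delegation point?

Added example with constructed zone data. It shows why a DS record placed
at the child apex is invisible to a DS query (the parent answers DS at the
cut), and why a distinct RRTYPE such as CDS is reachable from the child.
"""
from dataclasses import dataclass, field


@dataclass
class Zone:
    origin: str
    records: dict = field(default_factory=dict)   # (owner, rtype) -> [rdata, ...]
    children: dict = field(default_factory=dict)  # delegated owner -> Zone

    def add(self, owner: str, rtype: str, rdata: str) -> None:
        self.records.setdefault((owner, rtype), []).append(rdata)

    def delegate(self, child: "Zone") -> "Zone":
        # Record a zone cut: `child.origin` is delegated out of this zone.
        self.children[child.origin] = child
        return child


# Constructed rdata; the digests are placeholders, not real key material.
PARENT_DS = "12345 8 2 0123456789abcdef (constructed digest, parent side)"
CHILD_CDS = "12345 8 2 0123456789abcdef (constructed digest, child apex CDS)"
STRAY_CHILD_DS = "12345 8 2 0123456789abcdef (DS wrongly placed at child apex)"


def build_zones() -> Zone:
    """Root -> example. -> child.example., with DS on the parent side of the cut."""
    root = Zone(".")
    parent = root.delegate(Zone("example."))
    parent.add("example.", "SOA", "ns1.example. hostmaster.example. 1 3600 900 1209600 300")
    parent.add("child.example.", "NS", "ns1.child.example.")
    parent.add("child.example.", "DS", PARENT_DS)          # the authoritative DS

    child = parent.delegate(Zone("child.example."))
    child.add("child.example.", "SOA", "ns1.child.example. hostmaster.child.example. 7 3600 900 1209600 300")
    child.add("child.example.", "NS", "ns1.child.example.")
    child.add("child.example.", "DNSKEY", "257 3 8 (constructed KSK public key)")
    child.add("child.example.", "CDS", CHILD_CDS)          # child-side signal, own RRTYPE
    child.add("child.example.", "DS", STRAY_CHILD_DS)      # never reachable by a DS query
    return root


def resolve(root: Zone, qname: str, qtype: str):
    """Walk delegations from `root`; return (answering zone origin, rdata list).

    Rule applied at each zone cut (RFC 4035 Section 2.4): the DS RRset for
    the cut name lives in the parent, so a DS query for exactly that name is
    answered by the parent. Every other (name, type) below or at the cut is
    answered by the child zone.
    """
    zone = root
    while True:
        # Longest-matching delegation in the current zone that covers qname.
        match = None
        for dname, child in zone.children.items():
            if qname == dname or qname.endswith("." + dname):
                if match is None or len(dname) > len(match[0]):
                    match = (dname, child)
        if match is None:
            break
        dname, child = match
        if qname == dname and qtype == "DS":
            break  # DS at the cut: stay in the parent
        zone = child
    return zone.origin, list(zone.records.get((qname, qtype), []))


def visibility_report(root: Zone, name: str = "child.example.") -> dict:
    """Summarise what a DS query and a CDS query for `name` actually return."""
    ds_zone, ds_rrset = resolve(root, name, "DS")
    cds_zone, cds_rrset = resolve(root, name, "CDS")
    return {
        "DS answered by": ds_zone,
        "DS rdata": ds_rrset,
        "stray child DS visible": STRAY_CHILD_DS in ds_rrset,
        "CDS answered by": cds_zone,
        "CDS rdata": cds_rrset,
    }


if __name__ == "__main__":
    for k, v in visibility_report(build_zones()).items():
        print(f"{k}: {v}")
```

Running the block shows the DS query for `child.example.` answered from `example.` with only the parent's DS, the stray child-side DS never appearing, and the CDS query answered from `child.example.`; the same zone-cut rule is what a validating resolver applies when it walks a chain of trust, which is why reusing the DS type for a child-side record cannot work.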