Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-terminal nodes

Paul Vixie <vixie@isc.org> Wed, 27 April 2011 06:47 UTC

Return-Path: <vixie@isc.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0452E06C9 for <dnsext@ietfa.amsl.com>; Tue, 26 Apr 2011 23:47:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9yPEyqrKl5zi for <dnsext@ietfa.amsl.com>; Tue, 26 Apr 2011 23:47:18 -0700 (PDT)
Received: from nsa.vix.com (unknown [IPv6:2001:4f8:3:bb:230:48ff:fe5a:2f38]) by ietfa.amsl.com (Postfix) with ESMTP id D16EDE06AF for <dnsext@ietf.org>; Tue, 26 Apr 2011 23:47:17 -0700 (PDT)
Received: from nsa.vix.com (localhost [127.0.0.1]) by nsa.vix.com (Postfix) with ESMTP id 46C12A1019 for <dnsext@ietf.org>; Wed, 27 Apr 2011 06:47:16 +0000 (UTC) (envelope-from vixie@isc.org)
From: Paul Vixie <vixie@isc.org>
To: dnsext@ietf.org
In-Reply-To: Your message of "Wed, 27 Apr 2011 08:25:59 +0200." <082201cc04a4$f32f1b00$d98d5100$@lampo@eurid.eu>
References: <BANLkTimgkfQFx8ocrXjv7UFjhCzenwDhKw@mail.gmail.com> <a06240800c9db17a18dfe@[10.31.200.105]> <082201cc04a4$f32f1b00$d98d5100$@lampo@eurid.eu>
X-Mailer: MH-E 8.2; nmh 1.3; XEmacs 21.4 (patch 22)
Date: Wed, 27 Apr 2011 06:47:16 +0000
Message-ID: <11714.1303886836@nsa.vix.com>
Subject: Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-terminal nodes
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2011 06:47:18 -0000

> From: "Marc Lampo" <marc.lampo@eurid.eu>
> Date: Wed, 27 Apr 2011 08:25:59 +0200 (CEST)
> 
> Who claims that this in fact a subdomain ?

if there is a dot then the label on the left is always a 'subdomain', by
definition, though it might not also be a 'subzone' since no delegation
point is required by the dot syntax.

> A '.' *can* be a delegation point, but it is not obligation.

yes.

> --> "www.sub" might simply be a (one) string (label ?) in the zone
> "example.com",
>     with no delegation (SOA/NS) at the '.'

it's two labels but it's in the same zone.

> So "sub.example.com" is another label in the same zone file;
> if that label does not exist by itself, I would say "NXDOMAIN" is the
> logical answer.

whether nxdomain is the right answer is unrelated to the question of
where the delegation points are.  though quite clearly if there is
a delegation point then a domain is not empty of rrsets since there
will be NS RR's there.

to amplify on ed's comments:

> -----Original Message-----
> From: Edward Lewis [mailto:Ed.Lewis@neustar.biz] 
> Sent: 25 April 2011 03:24 PM
> 
> By definition, a domain name with subdomains exists.  If there is a 
> "www.shortname", then "shortername" exists.
> 
> RFC 4592, section 2.2.3.

yes (though i think ed means "shortname" exists not "shortername" exists).
the proper response to QNAME=www.shortname is RCODE=0 ANCOUNT=0 in order
to signal an empty (but existing) domain name.