Re: [dnsext] Possible DNSSECbis clarifications

Joe Abley <jabley@hopcount.ca> Mon, 28 March 2011 11:59 UTC

Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 151EF3A6825 for <dnsext@core3.amsl.com>; Mon, 28 Mar 2011 04:59:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1DHyo3OTTZJJ for <dnsext@core3.amsl.com>; Mon, 28 Mar 2011 04:59:02 -0700 (PDT)
Received: from monster.hopcount.ca (monster.hopcount.ca [IPv6:2001:4900:1:392:213:20ff:fe1b:3bfe]) by core3.amsl.com (Postfix) with ESMTP id 1E9F13A67AD for <dnsext@ietf.org>; Mon, 28 Mar 2011 04:59:00 -0700 (PDT)
Received: from [2001:df8:0:64:5a55:caff:feec:96bf] by monster.hopcount.ca with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.74 (FreeBSD)) (envelope-from <jabley@hopcount.ca>) id 1Q4B7c-000G9s-ER; Mon, 28 Mar 2011 12:00:37 +0000
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <4D90564A.8010001@sidn.nl>
Date: Mon, 28 Mar 2011 14:00:29 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <8003B067-6142-440D-9967-DED1EBCF9524@hopcount.ca>
References: <4D9042DA.30002@ogud.com> <20110328092847.02E5BD97013@drugs.dv.isc.org> <4D90564A.8010001@sidn.nl>
To: Antoin Verschuren <antoin.verschuren@sidn.nl>
X-Pgp-Agent: GPGMail 1.3.3
X-Mailer: Apple Mail (2.1084)
X-SA-Exim-Connect-IP: 2001:df8:0:64:5a55:caff:feec:96bf
X-SA-Exim-Mail-From: jabley@hopcount.ca
X-SA-Exim-Scanned: No (on monster.hopcount.ca); SAEximRunCond expanded to false
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Possible DNSSECbis clarifications
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 11:59:03 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 2011-03-28, at 11:35, Antoin Verschuren wrote:

> Nice thought:
> Should an SOA record be signed anyway?

Yes.

> The SOA is only a signaling record, and the result is never going to be
> used by any application.

SOA RDATA is used by two important classes of application -- DNS authority-only servers (REFRESH, RETRY, EXPIRE) and DNS resolvers (MINIMUM, negative cache TTL). Further, the MNAME field is used by DNS UPDATE clients. The utility of the MNAME field in the real world is debatable, but I have seen no data which suggests it is irrelevant.


Joe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)

iEYEARECAAYFAk2QeF0ACgkQNI8MvYZSOizRxgCfTVAgG0rGC6oz67CpK2wmOpei
p44AnRkyxQK7Q71fBVNgq2g7s19qIS7i
=dN2t
-----END PGP SIGNATURE-----
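The reply above lists who actually consumes SOA RDATA: secondary authority servers (REFRESH, RETRY, EXPIRE), resolvers (MINIMUM, used as the negative cache TTL per RFC 2308) and UPDATE clients (MNAME). The following Python is an added example, not code from the message or the thread, that parses SOA RDATA from wire format, groups the fields by the consumer that relies on them, and computes the RFC 2308 negative cache TTL as min(SOA TTL, MINIMUM). It assumes the names inside the RDATA are uncompressed (compression pointers are rejected), and the sample record is constructed for the example.

```python
"""Parse SOA RDATA and show which field each DNS consumer depends on.

Added example, not part of the original mailing-list message. Names in the
RDATA are assumed to be uncompressed; a compression pointer raises an error.
"""
import struct


def read_name(buf: bytes, offset: int):
    """Read an uncompressed wire-format domain name starting at offset.

    Returns (name_with_trailing_dot, offset_after_name).
    """
    labels = []
    while True:
        length = buf[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # Assumption for this example: no message compression in RDATA.
            raise ValueError("compression pointers are not supported here")
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def encode_name(name: str) -> bytes:
    """Encode a dotted name as uncompressed wire-format labels (helper for the sample)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def parse_soa_rdata(rdata: bytes) -> dict:
    """Split SOA RDATA into MNAME, RNAME and the five 32-bit counters (RFC 1035 3.3.13)."""
    mname, off = read_name(rdata, 0)
    rname, off = read_name(rdata, off)
    if len(rdata) != off + 20:
        raise ValueError("SOA RDATA has wrong length after the two names")
    serial, refresh, retry, expire, minimum = struct.unpack("!IIIII", rdata[off:off + 20])
    return {
        "mname": mname, "rname": rname, "serial": serial,
        "refresh": refresh, "retry": retry, "expire": expire, "minimum": minimum,
    }


def fields_by_consumer(soa: dict) -> dict:
    """Group the SOA fields by the class of application that acts on them."""
    return {
        "secondary authority servers": {k: soa[k] for k in ("refresh", "retry", "expire")},
        "resolvers": {"minimum": soa["minimum"]},
        "update clients": {"mname": soa["mname"]},
    }


def negative_cache_ttl(soa_ttl: int, minimum: int) -> int:
    """RFC 2308 section 5: a negative answer is cached for min(SOA TTL, MINIMUM).

    A validating resolver only gets an authenticated value here if the SOA
    RRset itself carries a valid RRSIG; an unsigned SOA leaves this number
    unverified.
    """
    return min(soa_ttl, minimum)


# Constructed sample SOA RDATA (not taken from any real zone).
SAMPLE_RDATA = (
    encode_name("ns1.example.")
    + encode_name("hostmaster.example.")
    + struct.pack("!IIIII", 2011032801, 7200, 3600, 1209600, 3600)
)

if __name__ == "__main__":
    soa = parse_soa_rdata(SAMPLE_RDATA)
    for consumer, fields in fields_by_consumer(soa).items():
        print(f"{consumer}: {fields}")
    print("negative cache TTL with SOA TTL 86400:", negative_cache_ttl(86400, soa["minimum"]))
```

Running the module prints each consumer with the fields it uses and the resulting negative cache TTL; the point for a validator is that every one of those values is only trustworthy if the SOA RRset it came from validated.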