Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-terminal nodes

Edward Lewis <Ed.Lewis@neustar.biz> Wed, 27 April 2011 13:41 UTC


In short: Domain != Zone, subdomain != subzone.

The "." domain encompasses everything in the DNS.
The "." zone is just the names from "." to the TLD cut points.

E.g., "www.neustar.biz." is in the "biz." domain but not in the "biz." zone.

Any name exists if it has a descendant (or has at least one set of 
data).   That is, another name in its domain.  If that other name 
(assuming we are talking about one label "down") owns an NS set, then 
that name is delegated to another zone.  If that other name does not 
own an NS set, it is in the same zone.

A lot of thought has gone into this topic over the years.  Consult 
RFC 2308 and 4592 (and STD 13 too I suppose) for starters.  If you 
feel these RFCs are incorrect, suggest fixes or updates to them.

At 8:25 +0200 4/27/11, Marc Lampo wrote:
>Who claims that this is in fact a subdomain?
>A '.' *can* be a delegation point, but it is not an obligation.
>--> "www.sub" might simply be a (one) string (label ?) in the zone
>"example.com",
>     with no delegation (SOA/NS) at the '.'
>
>So "sub.example.com" is another label in the same zone file;
>if that label does not exist by itself, I would say "NXDOMAIN" is the
>logical answer.
>
>Kind regards,
>
>Marc Lampo
>
>
>-----Original Message-----
>From: Edward Lewis [mailto:Ed.Lewis@neustar.biz]
>Sent: 25 April 2011 03:24 PM
>To: Sam Trenholme
>Cc: johnl@iecc.com; ed.lewis@neustar.biz; dnsext@ietf.org
>Subject: Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-terminal nodes
>
>At 14:11 -0500 4/23/11, Sam Trenholme wrote:
>
>>To summarize:  Let us suppose we have the DNS name
>>www.sub.example.com, but, for whatever reason, sub.example.com does
>>not exist.
>
>By definition, a domain name with subdomains exists.  If there is a
>"www.shortname", then "shortername" exists.
>
>RFC 4592, section 2.2.3.
>
>--
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>Edward Lewis
>NeuStar                    You can leave a voice message at +1-571-434-5468
>
>Me to infant son: "Waah! Waah! Is that all you can say?  Waah?"
>Son: "Waah!"

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Me to infant son: "Waah! Waah! Is that all you can say?  Waah?"
Son: "Waah!"
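
The existence rule argued in this message, as an added example that is not part of the original thread: it classifies a query against a constructed `example.com.` zone, treating a name that has descendants but no data as an empty non-terminal (NOERROR with an empty answer, labelled NODATA here) and a name below an NS set as delegated. The zone contents, function names and result labels are assumptions; wildcards and DNAME are not modelled.

```python
# Constructed sample zone (not from the thread): owner name -> RR types it owns.
ZONE_ORIGIN = "example.com."
ZONE = {
    "example.com.": {"SOA", "NS"},
    "www.sub.example.com.": {"A"},   # makes sub.example.com. an empty non-terminal
    "child.example.com.": {"NS"},    # zone cut: names here and below are delegated
    "host.example.com.": {"A"},
}

def labels(name):
    """Split a domain name into lowercase labels; the root is the empty list."""
    name = name.lower().rstrip(".")
    return name.split(".") if name else []

def is_at_or_below(name, ancestor):
    """True if `name` equals `ancestor` or is a descendant of it."""
    n, a = labels(name), labels(ancestor)
    return len(n) >= len(a) and (not a or n[-len(a):] == a)

def classify(qname, qtype, origin=ZONE_ORIGIN, zone=ZONE):
    """Return the answer class an authoritative server for `origin` would give."""
    if not is_at_or_below(qname, origin):
        return "OUT_OF_ZONE"          # in some other domain entirely
    q, o = labels(qname), labels(origin)
    # Walk down from just below the apex; an NS set on the way is a zone cut.
    for depth in range(len(o) + 1, len(q) + 1):
        if "NS" in zone.get(".".join(q[-depth:]) + ".", ()):
            return "REFERRAL"         # in the domain, but not in this zone
    owner = ".".join(q) + "."
    if owner in zone:
        return "NOERROR" if qtype in zone[owner] else "NODATA"
    # No data at the name itself: it still exists if any owner name lies below it.
    if any(is_at_or_below(other, owner) for other in zone):
        return "NODATA"               # empty non-terminal, RCODE is NOERROR
    return "NXDOMAIN"                 # no data and no descendants

if __name__ == "__main__":
    for name in ("www.sub.example.com.", "sub.example.com.",
                 "nope.example.com.", "a.child.example.com."):
        print(name, classify(name, "A"))
```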