IETF Logo Mail Archive

Re: [dnsext] zone cut semantics

Jay Ashworth <jra@baylink.com> Mon, 21 February 2011 01:43 UTC

Return-Path: <jra@baylink.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C8DCE3A6F7A for <dnsext@core3.amsl.com>; Sun, 20 Feb 2011 17:43:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.842
X-Spam-Level:
X-Spam-Status: No, score=-1.842 tagged_above=-999 required=5 tests=[AWL=-0.108, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0GIm4fUOM-51 for <dnsext@core3.amsl.com>; Sun, 20 Feb 2011 17:43:28 -0800 (PST)
Received: from benjamin.baylink.com (rrcs-24-129-180-187.se.biz.rr.com [24.129.180.187]) by core3.amsl.com (Postfix) with ESMTP id 9AF833A6EAC for <dnsext@ietf.org>; Sun, 20 Feb 2011 17:43:27 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by benjamin.baylink.com (Postfix) with ESMTP id DD7091F0012D for <dnsext@ietf.org>; Sun, 20 Feb 2011 20:44:18 -0500 (EST)
X-Virus-Scanned: amavisd-new at benjamin.baylink.com
Received: from benjamin.baylink.com ([127.0.0.1]) by localhost (benjamin.baylink.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ylVgjGjM3YLz for <dnsext@ietf.org>; Sun, 20 Feb 2011 20:44:15 -0500 (EST)
Received: from benjamin.baylink.com (benjamin.baylink.com [192.168.253.10]) by benjamin.baylink.com (Postfix) with ESMTP id A40881F00121 for <dnsext@ietf.org>; Sun, 20 Feb 2011 20:44:15 -0500 (EST)
Date: Sun, 20 Feb 2011 20:44:15 -0500
From: Jay Ashworth <jra@baylink.com>
To: dnsext@ietf.org
Message-ID: <32361744.800.1298252655591.JavaMail.root@benjamin.baylink.com>
In-Reply-To: <AANLkTi=uwMO-nwtru00F+gD8JmibRYx1b9VWThMSHhfv@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [65.34.93.30]
X-Mailer: Zimbra 6.0.9_GA_2686 (ZimbraWebClient - FF3.0 (Linux)/6.0.9_GA_2686)
Subject: Re: [dnsext] zone cut semantics
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2011 01:43:28 -0000

----- Original Message -----
> From: "Brandon Black" <blblack@gmail.com>

> On Sun, Feb 20, 2011 at 2:44 PM, Jim Reid <jim@rfc1035.com> wrote:
> > Nope. Query the .com name servers for the NS records for
> > example.com. They
> > correctly return a non-authoritative answer. It's only the name
> > servers for
> > example.com that are authoritative for example.com and will
> > authoritatively
> > answer that query. In other words, it's the child that's responsible
> > for the
> > zone's authoritative NS RRset, not the parent. Which is how things
> > should be
> > when you consider what delegation actually means: crossing an
> > administrative
> > boundary from one authority to another.
> >
> > Please think again about what you posted. The inference of what you
> > say is
> > that the root servers are authoritative for everything. That's
> > clearly not
> > true.
> 
> IMHO, this is where it's semantics. The root servers are
> authoritative for everything, that's why we believe their delegation
> answers. The AA-bit is just part of how the protocol signals
> delegation of authority. Yes, the child is responsible for its own NS
> records while the parent delegates, but the parent can take away the
> delegation at any time and serve the child's zone data directly.

You appear to be suggesting that the AA bit on the glue records in a 
parent zone *can be set*, merely by changing something in the parent
zone file.

I don't believe that to be true; TTBOMK, *the name server* makes that 
choice (to not set AA), *precisely because the parent server is not
considered to be authoritative for objects within its children's 
zones*.

I don't think that it's physically possible to make a parent server set
the AA bit on that glue, though I'd be happy to be proven wrong.  I don't
operate many parent zones.  :-)

So: people-who-do: is my supposition/assertion above correct?  If it is,
is it reasonable to draw from it the inference that I do (IE, that Jim is
correct and Brandon's not)?

I'm sure Albitz & Liu would tell me, but I do fancy stuff with DNS
insufficiently frequently for me to know where it is...

Cheers,.
-- jra

v2.23.0 | Report a Bug | By Email