Re: [dnsext] Possible DNSSECbis clarifications

Michael Graff <mgraff@isc.org> Mon, 28 March 2011 13:18 UTC

Return-Path: <mgraff@isc.org>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 06FA53A6839 for <dnsext@core3.amsl.com>; Mon, 28 Mar 2011 06:18:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h4Jt1MREIrqK for <dnsext@core3.amsl.com>; Mon, 28 Mar 2011 06:18:30 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by core3.amsl.com (Postfix) with ESMTP id DCC7E3A67E4 for <dnsext@ietf.org>; Mon, 28 Mar 2011 06:18:29 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.pao1.isc.org (Postfix) with ESMTPS id 665BCC9423 for <dnsext@ietf.org>; Mon, 28 Mar 2011 13:20:05 +0000 (UTC) (envelope-from mgraff@isc.org)
Received: from dhcp-5329.meeting.ietf.org (unknown [IPv6:2001:df8:0:80:61e:64ff:fef5:5604]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 0372B216C36 for <dnsext@ietf.org>; Mon, 28 Mar 2011 13:20:04 +0000 (UTC) (envelope-from mgraff@isc.org)
Message-ID: <4D908B03.80408@isc.org>
Date: Mon, 28 Mar 2011 15:20:03 +0200
From: Michael Graff <mgraff@isc.org>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
MIME-Version: 1.0
To: dnsext@ietf.org
References: <4D9042DA.30002@ogud.com> <00a701cbed28$64d1b1d0$2e751570$@lampo@eurid.eu> <EBB9E54E-15F1-46B0-81CB-4B2C7B47D598@hopcount.ca> <018401cbed48$0b8a6ac0$229f4040$@lampo@eurid.eu>
In-Reply-To: <018401cbed48$0b8a6ac0$229f4040$@lampo@eurid.eu>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [dnsext] Possible DNSSECbis clarifications
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 13:18:31 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 3/28/11 2:54 PM, Marc Lampo wrote:
> In my opinion, the use of the second SOA to indicate the zone did not
> change (at sender side) since the zone transfer started is more important
> (than the indication of the end of the zone transfer).

The AXFR (and IXFR) specs bracket the parts by SOA record, not by other
records.  The purpose is to ensure that the transfer is complete and was
not closed early by the sender.  If you then allow other records on the
end, you will lose that confirmation.

Think of the SOA records as brackets.  That they are also data is the
mistake, but it's one that is in place and can't be changed.  The marker
could have been an empty DNS packet (just header) but unfortunately, it
wasn't.

- --Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNkIsCAAoJEDRzoY2A7tzbLZAIAIUMGwBDiHAeKdRJYENRvQES
zptiLgt13vKMR1X2Y2yOLwhCcTpX4Hg0h2/bU8QkYLJKf63NdizNB71GuTCvo6h8
N002eh12E5QM3HuDETANc8k9WdfAWAPuENH55gvFlXFQJCG+1IrMA2C1pwhpq6wN
dc3WCWRQdD9uYCI/7Psbdie9ePPaOcC3RU1V5+yTA3nDYYKZRhYtjTkVqmy85xqb
ukst8+FIDiV3CbEo710YYeocLniGJCRm+omHIxPNt4Jw2Zb/qIH4OYs1tnIZz49V
RnD9kAzjKN3fiI32cwb11RvBDXM9T0FEDTm5/YS2kywV3BiNAl7t9O9eq4dBuBQ=
=ljlX
-----END PGP SIGNATURE-----
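An added illustration of the bracket check described in the message above; it is not code from the post, from ISC, or from any DNS implementation. The RR representation, the function names and the sample streams are assumptions made here; the rules enforced are those of RFC 5936 (section 2.2): the first and last RR of an AXFR response are the zone's SOA, and the closing SOA is identical to the opening one. A stream that ends without the closing SOA is reported as truncated, a closing SOA that differs from the opening one (zone changed under the transfer) is rejected, and anything after the closing SOA is flagged rather than silently accepted.

```python
"""Validate the SOA bracketing of an AXFR response stream.

Added example, not from the mailing-list post or any DNS server code.
The RR type and function names below are assumptions; the checks follow
RFC 5936 section 2.2 (first and last RR are the zone's SOA, closing SOA
identical to the opening SOA).
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    rdata: str  # for SOA: "mname rname serial refresh retry expire minimum"


def soa_serial(rr: RR) -> int:
    """Pull the serial out of an SOA rdata string."""
    if rr.rtype != "SOA":
        raise ValueError("not an SOA record")
    return int(rr.rdata.split()[2])


@dataclass
class AxfrResult:
    # "complete", "truncated", "bad-open", "soa-mismatch" or "trailing-data"
    status: str
    records: List[RR]      # zone data between the brackets (opening SOA kept once)
    serial: Optional[int]  # serial of the opening SOA, if there was one


def validate_axfr(stream: Iterable[RR]) -> AxfrResult:
    """Walk the RRs of an AXFR response and check the SOA brackets.

    The SOA is both the bracket and zone data, so the opening SOA is kept
    as the zone's SOA; the next SOA seen is taken as the closing bracket.
    """
    it = iter(stream)
    opening = next(it, None)
    if opening is None or opening.rtype != "SOA":
        return AxfrResult("bad-open", [], None)
    serial = soa_serial(opening)
    zone = [opening]
    for rr in it:
        if rr.rtype == "SOA":
            # Closing bracket: must be identical to the opening SOA, otherwise
            # the zone changed on the sender while the transfer was running.
            if rr != opening:
                return AxfrResult("soa-mismatch", zone, serial)
            # Anything after the closing SOA would make the bracket meaningless.
            if next(it, None) is not None:
                return AxfrResult("trailing-data", zone, serial)
            return AxfrResult("complete", zone, serial)
        zone.append(rr)
    # Stream ended without the closing SOA: the sender closed early.
    return AxfrResult("truncated", zone, serial)


# Constructed sample streams (not captured traffic).
SOA_OPEN = RR("example.test.", "SOA",
              "ns1.example.test. hostmaster.example.test. 2011032801 3600 900 604800 300")
SOA_NEW = RR("example.test.", "SOA",
             "ns1.example.test. hostmaster.example.test. 2011032802 3600 900 604800 300")
NS1 = RR("example.test.", "NS", "ns1.example.test.")
NS2 = RR("example.test.", "NS", "ns2.example.test.")
A1 = RR("ns1.example.test.", "A", "192.0.2.1")

SAMPLES: Dict[str, List[RR]] = {
    "complete": [SOA_OPEN, NS1, NS2, A1, SOA_OPEN],
    "truncated": [SOA_OPEN, NS1, NS2, A1],
    "trailing": [SOA_OPEN, NS1, SOA_OPEN, A1],
    "changed": [SOA_OPEN, NS1, SOA_NEW],
    "bad_open": [NS1, SOA_OPEN],
}


def run_samples() -> Dict[str, str]:
    """Return the status each constructed sample stream validates to."""
    return {name: validate_axfr(rrs).status for name, rrs in SAMPLES.items()}


if __name__ == "__main__":
    for name, status in run_samples().items():
        print(f"{name:10s} -> {status}")
```

A real receiver reads the response message by message and stops consuming at the closing SOA, so the trailing-data case only shows up if the implementation keeps reading; the truncated case is the one the brackets exist for, since a TCP close before the second SOA is otherwise indistinguishable from a normal end of transfer.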