Re: [dnsext] NS/NSEC/NSEC3 records in the Additional section

Florian Weimer <fweimer@bfk.de> Thu, 19 May 2011 11:00 UTC

From: Florian Weimer <fweimer@bfk.de>
To: Klaus Malorny <Klaus.Malorny@knipp.de>
References: <4DD4CEFB.3050702@knipp.de>
Date: Thu, 19 May 2011 10:57:06 +0000
In-Reply-To: <4DD4CEFB.3050702@knipp.de> (Klaus Malorny's message of "Thu, 19 May 2011 10:04:11 +0200")
Message-ID: <82k4dnez5p.fsf@mid.bfk.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: dnsext@ietf.org
Subject: Re: [dnsext] NS/NSEC/NSEC3 records in the Additional section
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>

* Klaus Malorny:

> I think it would make sense to include the NS records of sld.tld. (and
> DS records if signed) in the Additional section if the NS records of
> tld. are included in the Authority section, as this information is
> available anyway and should be useful for the resolver. This is,
> however, contrary to the behaviour of BIND, which I consider as a
> reference.

You should send unusual records only in response to DO=1 queries.
Otherwise, you risk that the client cannot interpret them.  (The risk
with DNSSEC-capable clients is still there, of course, but it seems
less.)

There is no precedent for copying NS records to the additional section,
AFAIK.  Given the amount of work put into reducing response sizes, it's
also unlikely that such a feature would be a win for all parties
involved.

-- 
Florian Weimer                <fweimer@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
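One way to apply the DO=1 rule Florian describes, as an added Python example that is not from this thread: it reads the EDNS0 OPT RR of a wire-format query (the DO bit is the high bit of the OPT TTL field) and keeps DS/NSEC/NSEC3 out of a candidate additional section unless the client set DO. The function names `build_query`, `edns_info` and `additional_section` are chosen here, and the query bytes are constructed for the demo.

```python
import struct

TYPE_OPT = 41
DNSSEC_TYPES = {43, 47, 50}  # DS, NSEC, NSEC3 RRTYPE numbers

def skip_name(wire, off):
    """Return the offset just past the name at `off` (handles compression pointers)."""
    while True:
        n = wire[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def edns_info(wire):
    """Parse a wire-format query and return (do_bit, udp_payload_size).
    Without an OPT RR the client is plain DNS: DO=0 and a 512-byte limit."""
    qd, an, ns, ar = struct.unpack("!4H", wire[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(wire, off) + 4  # QTYPE, QCLASS
    for _ in range(an + ns):
        off = skip_name(wire, off)
        rdlen = struct.unpack("!H", wire[off + 8:off + 10])[0]
        off += 10 + rdlen
    for _ in range(ar):
        off = skip_name(wire, off)
        rtype, udpsize, ttl, rdlen = struct.unpack("!HHIH", wire[off:off + 10])
        if rtype == TYPE_OPT:
            return bool(ttl & 0x8000), udpsize  # DO is the top bit of the flags word
        off += 10 + rdlen
    return False, 512

def additional_section(records, do_bit):
    """`records` is a list of (owner, rtype) the server could add.
    DNSSEC-specific types are sent only when the query carried DO=1."""
    return [r for r in records if do_bit or r[1] not in DNSSEC_TYPES]

def build_query(qname, qtype=1, edns=True, do_bit=False, udpsize=4096):
    """Constructed sample query (ID 0x1234, RD set), optionally with an OPT RR."""
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    hdr = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if edns else 0)
    q = name + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns:
        ttl = 0x8000 if do_bit else 0  # extended RCODE 0, version 0, DO flag
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udpsize, ttl, 0)
    return hdr + q + opt
```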