Re: [DNSOP] RFC 1035 vs. mandatory NS at apex?

Ted Lemon <mellon@fugue.com> Thu, 07 February 2019 13:10 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B60B612F1A6 for <dnsop@ietfa.amsl.com>; Thu, 7 Feb 2019 05:10:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.041
X-Spam-Level:
X-Spam-Status: No, score=-2.041 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jO_0ivlL34gp for <dnsop@ietfa.amsl.com>; Thu, 7 Feb 2019 05:10:14 -0800 (PST)
Received: from mail-qk1-x72e.google.com (mail-qk1-x72e.google.com [IPv6:2607:f8b0:4864:20::72e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CD121294D0 for <dnsop@ietf.org>; Thu, 7 Feb 2019 05:10:14 -0800 (PST)
Received: by mail-qk1-x72e.google.com with SMTP id z18so6370965qkj.10 for <dnsop@ietf.org>; Thu, 07 Feb 2019 05:10:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=5KlEqd1c4usaFSKXEz99OnUtd7Xw6C933WGMxSwn2sY=; b=M6g89EAG2MXjapqA8S2axtJkq8HzuIn/+J2xgaqZNmwF36yMpC/UHUdUifajFShMr4 ykZUdyDxQeyieOmaXhNyxGJnyJ0zEPb1aJST3XkOWY6AZeRslvthu6YZ5ta+MBquSARE MmUnfkbczRJOBy8++z/4WghYBZNrbqHpw679x4ezlP9XcrpbFXjg4HR8yY1rSYcCf1xF 5hsPznwM4J6GbcsgBcugGZOid5I1tZfyeysuo6fEy58XUMmELbqKoSFL58a2D62joEFm vbpEIWJgpDhSH+ShZPv/i76pm7MyMvT1sZqCuMugn6tiswNQAbQnkS/JmzA0CQGsDaWk 5rTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=5KlEqd1c4usaFSKXEz99OnUtd7Xw6C933WGMxSwn2sY=; b=RVi8z3AIu1aMtM5ObnQPCNlYs5rZYBW0lfhqkPxlRBvFBneV9Uxm/N4JKX29QPQRg8 LYMArVWs42quDlZ2bHyoLqUlU0iDSBtNcWuRpGPTgKJdBVy9nV7y529fOvTFupe745Jt sc0lveMoIoA2CCeViXtWk5+/wmfLiyXal7Sg2F1jtQHGTL+g1D3Sf8RFYrKAJR9uULxH e8MK8vf7KG/UBbefDngx8os78l3351pgtNRBHKOzHYYTXerH652CX17pKpg5AhF8/bJb znnSwN+ORVksTRqMGFILOTThGZvZmFHVkBiBKYWWDlOGsd20449JbkmJw+8QpZxSOM9e ZO+g==
X-Gm-Message-State: AHQUAuavsBz6bnEONq4yc5S5i4y7llIVQU95HosLfaYmDCrhcUvxlkl/ KPgVsU1EwOda6HAKY4YN/uwzBK72rkM=
X-Google-Smtp-Source: AHgI3IYI644zV1QRxWh1C9glnC+9sCx1n4EBkwx3Tbdv1R7RJuyFsrXOl2smHLR2X9w9GKaw4tr0Tw==
X-Received: by 2002:a37:d612:: with SMTP id t18mr11388082qki.215.1549545013242; Thu, 07 Feb 2019 05:10:13 -0800 (PST)
Received: from [10.0.100.12] (c-73-186-137-119.hsd1.ma.comcast.net. [73.186.137.119]) by smtp.gmail.com with ESMTPSA id d50sm46098820qta.31.2019.02.07.05.10.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 07 Feb 2019 05:10:12 -0800 (PST)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <968D0BAC-4E10-49E8-94A1-6A5679337732@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_04BF544B-FE91-4C56-81FB-E05FC5164554"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Thu, 7 Feb 2019 08:10:09 -0500
In-Reply-To: <966fa8dd-f420-adc9-117d-24315b52825d@nic.cz>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
To: =?utf-8?B?UGV0ciDFoHBhxI1law==?= <petr.spacek@nic.cz>
References: <fcd790a2-414b-491e-01e2-9aa92f7b1c4e@nic.cz> <CC75C79C-E5FB-4C91-9453-103E36EDC505@fugue.com> <48a12f46-eee1-823e-a448-8f3b0d973f7d@nic.cz> <F821C2A2-BD6F-41D1-A2D6-3928E783614B@fugue.com> <966fa8dd-f420-adc9-117d-24315b52825d@nic.cz>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/4iL1uvITEMYFSSDlk4LiJH8quu4>
Subject: Re: [DNSOP] RFC 1035 vs. mandatory NS at apex?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Feb 2019 13:10:16 -0000

On Feb 7, 2019, at 8:00 AM, Petr Špaček <petr.spacek@nic.cz> wrote:
> I feel something bad will happen if parent and child zone is on the same
> auth server and resolver is using query name minimization...
> (This configuration *does* exist in wild as we know from debugging Knot
> Resolver - we do query name minimization by default.)

Interesting!   What goes wrong?