Re: [DNSOP] Call for Adoption: RFC8499-bis

[Tony Finch <dot@dotat.at>]

I recently noticed that the bailiwick-related definitions are wrong and
muddled.

I have always understood in-bailiwick to mean that a nameserver name is a
subdomain of its zone apex. That is, exactly the cases where glue is
required by the DNS protocol. The term comes from the discussion of
gluelessness at http://cr.yp.to/djbdns/notes.html - "RFC 1034 specifically
requires glue for referrals to in-bailiwick DNS servers."

RFC 8499 seems to use "in-domain" for this situation, which is not a term
I have seen anywhere else.

The question of sibling glue is different from whether nameservers are
in-bailiwick. It comes up in questions about registry policies rather than
DNS protocol needs: whether or not a registry requires all nameservers
that are subdomains of the registry domain(s) to have addresses, even in
cases where the DNS does not need glue.

The description of siblings in RFC 8499 is muddled, because it is unclear
when it is referring to a nameserver name or a zone name, and it's
unclear when it is talking about a child zone or their shared parent zone.
And the nameservers themselves aren't siblings; they are nephieces or
niblings or something like that.

I suggest:

  * Sibling zones: two zones whose delegations are in the same
    parent zone.

  * Sibling glue: addresses of nameservers that are in a sibling zone.
    Sibling glue is usually the glue that the DNS would require for that
    sibling zone, but in some cases the requirement lies elsewhere, for
    example

	one.example.	NS	nsa.two.example
	one.example.	NS	nsb.two.example
	two.example.	NS	ns0.two.example
	two.example.	NS	ns1.two.example

   The DNS protocol does not require sibling glue for the one.example
   nameservers, though glue addresses might be required by .example
   registry policy.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
the fundamental values of liberty, equality, and community