[DNSOP] 1035 quote - Re: Zone apex and delegation point

Edward Lewis <edward.lewis@icann.org> Wed, 08 April 2015 12:02 UTC

From: Edward Lewis <edward.lewis@icann.org>
To: dnsop WG <dnsop@ietf.org>
Date: Wed, 08 Apr 2015 12:02:06 +0000
Message-ID: <D14A8EE2.AB74%edward.lewis@icann.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/BYCyKm2byR-gf0cWDYiPgbvJ_1E>

On 4/8/15, 6:15, "Tony Finch" <dot@dotat.at> wrote:

Okay, since Tony took a longer look at the quote, I figured I ought to
also. ;)

>Edward Lewis <edward.lewis@icann.org> wrote:
>> On 4/6/15, 12:46, "Casey Deccio" <casey@deccio.net> wrote:
>>
>> >> Isn't "owns an NS set" inferred by "zone"?
>> >
>> > "The NS RR states that the named host should be expected to have a
>> > zone starting at owner name of the specified class" (RFC 1034).

As for just about any old-timey RFC, context is important.  This is
actually in RFC 1035, section 3.3.11.  The section is entitled "NS RDATA
format".

I think it is referring to this:

"owner name" $TTL $CLASS NS "named host"

>I think the point of that quote is that the child zone's SOA must have the
>same owner as the delegation in the parent. (This often gets screwed up in
>load balancer configurations which causes problems because the SOA in a
>negative reply identifies the wrong zone.)

My reading of the statement is, in its context with "named host" being
what is in the RDATA:  The host in the RDATA field of the NS RR is
supposed to be (/is intended to be/has the expectation to be) (DNS *)
serving the zone named by the record's owner name.  From that you can infer
that if you ask that host ('s corresponding IP addresses) for the record
owner name SOA, you should get a positive reply.
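The check Ed sketches at the end (ask the host named in the NS RDATA for the owner name's SOA and expect a positive, authoritative reply), together with the load-balancer failure mode Tony mentions (the SOA in a negative reply names a zone other than the delegated one), as an added example that is not part of the original message or the thread. It is stdlib Python; the DNS messages are constructed by hand so it runs offline, and every name in it (example.com., www.example.com., ns1.example.net.) is a placeholder.

```python
import struct

QTYPE_SOA, QCLASS_IN = 6, 1

def encode_name(name):
    """Uncompressed wire-format name: length-prefixed labels plus root byte."""
    labels = [lab for lab in name.strip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer, RFC 1035 section 4.1.4
            end = off + 2 if end is None else end
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def build_soa_query(owner, txid=0x1234):
    """<owner> SOA IN with RD=0: we want this server's own answer, not a recursion."""
    return (struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + encode_name(owner)
            + struct.pack("!HH", QTYPE_SOA, QCLASS_IN))

def parse_response(msg):
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    out = {"aa": bool(flags & 0x0400), "rcode": flags & 0xF}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        out[section] = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            out[section].append((name, rtype, rclass, ttl, msg[off + 10:off + 10 + rdlen]))
            off += 10 + rdlen
    return out

def check_delegation_target(owner, response):
    """Does the reply to <owner> SOA show this server serving a zone at <owner>?"""
    owner = owner.strip(".").lower() + "."
    r = parse_response(response)
    if not r["aa"]:
        return False, "reply is not authoritative (AA clear)"
    soa_answer = [rr[0] for rr in r["answer"] if rr[1] == QTYPE_SOA]
    if soa_answer:
        if soa_answer[0] == owner:
            return True, "authoritative SOA for %s" % owner
        return False, "SOA owner %s does not match delegation %s" % (soa_answer[0], owner)
    soa_auth = [rr[0] for rr in r["authority"] if rr[1] == QTYPE_SOA]
    if soa_auth:  # negative reply: this SOA names the zone the server thinks it is in
        return False, "negative reply (rcode %d); server's closest zone is %s, not %s" % (
            r["rcode"], soa_auth[0], owner)
    return False, "no SOA in answer or authority section"

# Constructed messages (not captured traffic) so the check runs offline.
def _soa_rdata(mname, rname, serial=2015040801):
    return encode_name(mname) + encode_name(rname) + struct.pack("!IIIII", serial, 7200, 900, 1209600, 300)

def _build_response(query, aa, rcode=0, answer=(), authority=()):
    txid = struct.unpack("!H", query[:2])[0]
    qname, qend = decode_name(query, 12)
    head = struct.pack("!HHHHHH", txid, 0x8000 | (0x0400 if aa else 0) | rcode,
                       1, len(answer), len(authority), 0)
    body = b""
    for name, rtype, ttl, rdata in list(answer) + list(authority):
        wire = b"\xC0\x0C" if name == qname else encode_name(name)  # pointer to QNAME
        body += wire + struct.pack("!HHIH", rtype, QCLASS_IN, ttl, len(rdata)) + rdata
    return head + query[12:qend + 4] + body

def run_samples():
    soa = _soa_rdata("ns1.example.net.", "hostmaster.example.net.")
    q = build_soa_query("example.com.")
    # 1. ns1.example.net. really serves example.com.: positive, authoritative SOA
    good = check_delegation_target("example.com.", _build_response(
        q, aa=True, answer=[("example.com.", QTYPE_SOA, 3600, soa)]))
    # 2. a forwarder/cache answering instead of the authority: SOA present, AA clear
    not_aa = check_delegation_target("example.com.", _build_response(
        q, aa=False, answer=[("example.com.", QTYPE_SOA, 3600, soa)]))
    # 3. the load-balancer case: www.example.com. is delegated here, but the box
    #    serves a zone called example.com., so the SOA query draws a negative reply
    #    whose authority SOA names the wrong zone
    q = build_soa_query("www.example.com.")
    wrong_zone = check_delegation_target("www.example.com.", _build_response(
        q, aa=True, authority=[("example.com.", QTYPE_SOA, 300, soa)]))
    return {"good": good, "wrong_zone": wrong_zone, "not_aa": not_aa}

if __name__ == "__main__":
    for case, (ok, why) in run_samples().items():
        print("%-10s %s  %s" % (case, "OK " if ok else "BAD", why))
```

For a live check, send build_soa_query(owner) over UDP (or TCP) to each address of the host in the NS RDATA and feed the raw reply to check_delegation_target(owner, reply); the query is sent with RD clear so a misconfigured target that is really a recursive resolver shows up as case 2 rather than as a borrowed positive answer. The third case is the one that bites: the box answers authoritatively, but the zone it serves has its SOA at a different owner than the delegation point, which is exactly what a resolver sees in the SOA of a negative reply.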