Re: [DNSOP] Re: AS112 for TLDs

Mark Andrews <Mark_Andrews@isc.org> Wed, 05 December 2007 16:16 UTC

To: Joe Baptista <baptista@publicroot.org>
From: Mark Andrews <Mark_Andrews@isc.org>
Subject: Re: [DNSOP] Re: AS112 for TLDs
In-reply-to: Your message of "Wed, 05 Dec 2007 10:55:59 CDT." <4756CA0F.2070409@publicroot.org>
Date: Thu, 06 Dec 2007 03:15:49 +1100
Cc: dnsop@ietf.org, Paul Vixie <Paul_Vixie@isc.org>

> Paul Vixie wrote:
> 
> >baptista@publicroot.org (Joe Baptista) writes:
> >
> >  
> >
> >>No it can't be done with BIND.  Very lame.  It would be a big asset to 
> >>root technology if the entire "*." wildcard TLD label could be pointed 
> >>to AS112.  AS112 is truly the blackhole of this universe we call the 
> >>internet.  AS112 - the internet garbage can.
> >>
> >>I support using AS112 for that.  Great way to reduce the error traffic 
> >>at root-servers.net.
> >>    
> >>
> >
> >wildcards can't be cname's or ns's.  (of the many important reasons why
> >the suggestion is terrible, that's the first/simplest that comes to mind.)
> >  
> >
> Actually no.  That is not correct.  I did some experimentation using 
> BIND 8 and 9 as root servers.  BIND 8 does not support
> 
> *. CNAME some.host.name.

	Actually all versions of BIND support "* CNAME".
 
> But BIND 9 does.
> 
> I know it sounds terrible to you but I think the RFC is flexible on 
> that.  You're the expert - you look into it.  So it would be so nice if I 
> could under BIND 9 do:
> 
> *. NS some.host.name.

	Wildcard matching has the wrong semantics (1 vs many labels)
	for NS records.  Even if the semantics were addressed you
	then have to set up nameservers to do wildcard processing
	while looking for the relevant zone.  This implies having
	a copy of the parent zone so you can know what query names
	don't match the wildcard.
 
> Paul - make it so.  It would really cut down on root traffic and we 
> could use AS112 as the garbage can of bin bucket heaven.  Be a sport - 
> push the buttons and make it so.

	Additionally the root server operators aren't worried about
	the traffic volume.  The in-addr.arpa server operators
	were worried.
 
	As an end user you should worry about information leaking
	but that can be addressed by having a local copy of the
	root zone.  There are other issues end users should also
	worry about which are also covered by having a local copy
	of the root zone.

	Mark

> regards
> joe baptista
> 
> P.S. A lot of servers already wildcard *. NS back to the IANA servers.
> 
> -- 
> Joe Baptista                                www.publicroot.org
> PublicRoot Consortium
> ----------------------------------------------------------------
> The future of the Internet is Open, Transparent, Inclusive,
> Representative & Accountable to the Internet community @large.
> ----------------------------------------------------------------
>   Office: +1 (202) 517-1593
>      Fax: +1 (509) 479-0084
> 
> 
> --------------020009050009010201030606
> Content-Type: text/x-vcard; charset=utf-8;
>  name="baptista.vcf"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: attachment;
>  filename="baptista.vcf"
> 
> begin:vcard
> fn:Joe Baptista
> n:Baptista;Joe
> org:PublicRoot Consortium
> adr:;;963 Ford Street;Peterborough;Ontario;K9J 5V5 ;Canada
> email;internet:baptista@publicroot.org
> title:PublicRoot Representative
> tel;fax:+1 (509) 479-0084 
> tel;cell:+1 (416) 912-6551
> x-mozilla-html:FALSE
> url:http://www.publicroot.org
> version:2.1
> end:vcard
> 
> 
> --------------020009050009010201030606
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www1.ietf.org/mailman/listinfo/dnsop
> 
> --------------020009050009010201030606--
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org
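
The wildcard matching discussed in the message above, as an added example that is not part of the original e-mail or of BIND: a sketch of RFC 4592 wildcard synthesis showing that one `*` owner covers missing names of any depth, and that deciding whether a name matches requires knowing which names already exist in the zone. The zone contents and the `labels`/`lookup` helpers are constructed for illustration.

```python
# Constructed toy root-like zone: owner name -> record types present.
ZONE = {
    ".": {"SOA", "NS"},
    "com.": {"NS"},
    "org.": {"NS"},
    "*.": {"CNAME"},
}

def labels(name):
    """'a.b.' -> ('a', 'b'); the root '.' -> ()."""
    name = name.lower().rstrip(".")
    return tuple(name.split(".")) if name else ()

def lookup(qname, zone=ZONE):
    """Classify a query against the zone; returns (kind, detail)."""
    owners = {labels(n): types for n, types in zone.items()}
    # Every ancestor of an owner name exists too (empty non-terminals).
    existing = {o[i:] for o in owners for i in range(len(o) + 1)}
    q = labels(qname)
    # Walk down from the apex: longest suffix of qname that exists.
    encloser = ()
    for i in range(len(q) - 1, -1, -1):
        if q[i:] not in existing:
            break
        encloser = q[i:]
        # A delegation (NS below the apex) ends the search with a referral.
        if "NS" in owners.get(encloser, ()):
            return ("referral", ".".join(encloser) + ".")
    if encloser == q:
        return ("answer", qname)
    # Source of synthesis: '*' directly below the closest encloser.
    source = ("*",) + encloser
    if source in owners:
        # One '*' owner stands in for every missing label below encloser.
        return ("wildcard", len(q) - len(encloser))
    return ("nxdomain", None)

if __name__ == "__main__":
    for name in ("www.example.com.", "localdomain.", "host.corp.localdomain."):
        print(name, lookup(name))
```

The second element of a `wildcard` result is the number of query labels the single `*` replaced; names under `com.` never reach the wildcard because the existing delegation is found first.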

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop