Re: [DNSOP] simple question

"Joe Abley" <jabley@hopcount.ca> Fri, 13 November 2015 17:50 UTC

From: Joe Abley <jabley@hopcount.ca>
To: Havard Eidnes <he@uninett.no>
Date: Fri, 13 Nov 2015 12:50:10 -0500
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/OHQL7bSksUprUw3mmiglBuVK1bA>
Cc: dnsop@ietf.org, sca@andreasschulze.de
Subject: Re: [DNSOP] simple question
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>


On 13 Nov 2015, at 12:06, Havard Eidnes wrote:

>> consider a nameserver ns.example.com serving example.com. There is a
>> delegation from com. including glue.
>> Now we add a childzone sub.example.com. served by the same nameserver
>> ns.example.com.
>>
>> should I add an entry in example.com to delegate the subzone to
>> myself?
>
> Generally, yes, although with the specific example, your name
> server software may let you get away with not having the NS
> record in the example.com zone for sub.example.com.

This will also lead to unexpected hilarity when you sign the zones, 
since the lack of a zone cut will cause a validator not to establish a 
chain of trust to the child zone.

As you say, best to install the delegation set in the parent zone even 
if the choice of nameservers for the parent and child means it will be 
obscured.


Joe
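
An added example, not part of the original message or of any name server's tooling: a small check that a parent zone carries the NS set (the zone cut) and the DS record a signed child needs, using the thread's example.com and sub.example.com names. The zone text is constructed sample data in a simplified one-record-per-line format, and the function names and the DS key tag and digest are placeholders assumed for illustration.

```python
# Constructed parent-zone data for example.com, one record per line:
# "owner TTL IN TYPE RDATA" with absolute owner names (a simplification, assumed).
WITHOUT_CUT = """\
example.com.     3600 IN SOA ns.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
example.com.     3600 IN NS  ns.example.com.
ns.example.com.  3600 IN A   192.0.2.53
"""
# Same zone with the delegation set and a DS (key tag and digest are placeholders).
WITH_CUT = WITHOUT_CUT + """\
sub.example.com. 3600 IN NS  ns.example.com.
sub.example.com. 3600 IN DS  12345 13 2 CONSTRUCTED-DIGEST-PLACEHOLDER
"""


def parse_records(text):
    """Return (owner, type, rdata) tuples from the simplified zone text."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if line:
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            records.append((owner.lower(), rtype.upper(), rdata))
    return records


def audit_delegation(parent_text, child_apex, child_signed=True):
    """List what the parent zone lacks at child_apex for validation to work."""
    child = child_apex.lower()
    types_at_cut = {t for owner, t, _ in parse_records(parent_text) if owner == child}
    problems = []
    if "NS" not in types_at_cut:
        problems.append("no NS set at %s: parent has no zone cut" % child)
    if child_signed and "DS" not in types_at_cut:
        problems.append("no DS at %s: no chain of trust to the child" % child)
    return problems


if __name__ == "__main__":
    for label, zone in (("without cut", WITHOUT_CUT), ("with cut", WITH_CUT)):
        print(label, audit_delegation(zone, "sub.example.com."))
```
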