Re: [DNSOP] Delegation into the interior of a zone?
Grant Taylor <gtaylor@tnetconsulting.net> Fri, 28 December 2018 00:27 UTC
Return-Path: <gtaylor@tnetconsulting.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72B9012867A for <dnsop@ietfa.amsl.com>; Thu, 27 Dec 2018 16:27:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.102
X-Spam-Level:
X-Spam-Status: No, score=-0.102 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tnetconsulting.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ueEYjQ_jGX1Q for <dnsop@ietfa.amsl.com>; Thu, 27 Dec 2018 16:27:02 -0800 (PST)
Received: from tncsrv06.tnetconsulting.net (tncsrv06.tnetconsulting.net [IPv6:2600:3c00:e000:1e9::8849]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E1E81277D2 for <dnsop@ietf.org>; Thu, 27 Dec 2018 16:27:01 -0800 (PST)
Received: from Contact-TNet-Consulting-Abuse-for-assistance by tncsrv06.tnetconsulting.net (8.15.2/8.15.2/Debian-3) with ESMTPSA id wBS0QxFl003052 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <dnsop@ietf.org>; Thu, 27 Dec 2018 18:27:01 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=tnetconsulting.net; s=2015; t=1545956821; bh=VsxXX6pn12nDtcd8vqnF9OzxffhkBIab3RYQlmRP9Nc=; h=Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Cc:Content-Disposition: Content-Language:Content-Transfer-Encoding:Content-Type:Date:From: In-Reply-To:Message-ID:MIME-Version:References:Reply-To: Resent-Date:Resent-From:Resent-To:Resent-Cc:Sender:Subject:To: User-Agent; b=nHCbYpgvRd4OW9Giz6A6/uMubAN+Mg0oqYlA7rPUZ3XteHKRYe98hnx+0vIUl3bKK sgdiCpLqpJpDKlfIzB6KV5XFASCtlWSwhy7yDc6fIFs5MWaydOgjFK7hobqGaFlkLW 3jagq0b8oZPvGkmYVFA/BTzsP7pZCfnCeZHp7Wgk=
To: dnsop@ietf.org
References: <20181227192639.21372200BFBF3A@ary.qy> <5C252F32.50503@redbarn.org> <alpine.OSX.2.21.1812271528140.66959@ary.qy>
From: Grant Taylor <gtaylor@tnetconsulting.net>
Organization: TNet Consulting
Message-ID: <2f50b5bd-ea7d-8009-f207-cce3cddf3bf5@spamtrap.tnetconsulting.net>
Date: Thu, 27 Dec 2018 17:27:00 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0
MIME-Version: 1.0
In-Reply-To: <alpine.OSX.2.21.1812271528140.66959@ary.qy>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms010807090600030805070606"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bNyKLkKhKQ3miG1onaRElNACV30>
Subject: Re: [DNSOP] Delegation into the interior of a zone?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Dec 2018 00:27:05 -0000
On 12/27/18 1:29 PM, John R Levine wrote: > He thinks $GENERATE confuses people. No, $GENERATE is not why he, *I*, prefer to use NS over CNAME delegation. I listed out multiple (2 ~ 3) manually as an example instead of using $GENERATE purely to simplify the example. I've run across many people that don't know what $GENERATE is, particularly if their experience comes from somewhere other than BIND. So, I simply list out the discrete lines that $GENERATE would produce. I think it removes a variable from an equation and simplifies things. The use of $GENERATE or not is independent of CNAME vs NS delegation. Besides, $GENERATE happily works with CNAME as well as it does NS records. $GENERATE 1-4 $ CNAME $.bob.example.net. $GENERATE 5-8 $ NS ns1.example.com. Both work perfectly fine. named-compilezone produces the expected lines. 1.localhost. 604800 IN CNAME 1.bob.example.net. 2.localhost. 604800 IN CNAME 2.bob.example.net. 3.localhost. 604800 IN CNAME 3.bob.example.net. 4.localhost. 604800 IN CNAME 4.bob.example.net. 5.localhost. 604800 IN NS ns1.example.com. 6.localhost. 604800 IN NS ns1.example.com. 7.localhost. 604800 IN NS ns1.example.com. 8.localhost. 604800 IN NS ns1.example.com. Which of the two methods above is easier (or poses fewer questions) to understand by someone who's not familiar with BIND, much less $GENERATE? > Don't shoot, I'm just the messenger. I can shoot the messenger with a Nerf gun for reporting the wrong message. Or are we playing a game of telephone? -- Grant. . . . unix || die
- [DNSOP] Delegation into the interior of a zone? John Levine
- Re: [DNSOP] Delegation into the interior of a zon… Erik Kline
- Re: [DNSOP] Delegation into the interior of a zon… Paul Vixie
- Re: [DNSOP] Delegation into the interior of a zon… John R Levine
- Re: [DNSOP] Delegation into the interior of a zon… Grant Taylor
- Re: [DNSOP] Delegation into the interior of a zon… Grant Taylor
- Re: [DNSOP] Delegation into the interior of a zon… John Levine
- Re: [DNSOP] Delegation into the interior of a zon… Paul Vixie
- Re: [DNSOP] Delegation into the interior of a zon… Grant Taylor
- Re: [DNSOP] Delegation into the interior of a zon… John Levine
- Re: [DNSOP] Delegation into the interior of a zon… Tony Finch