Re: [DNSOP] DNS Delegation Requirements

"Ralf Weber" <dns@fl1ger.de> Mon, 08 February 2016 10:00 UTC

From: Ralf Weber <dns@fl1ger.de>
To: Jakob Schlyter <jakob@kirei.se>
Date: Mon, 08 Feb 2016 11:00:33 +0100
Message-ID: <4C7298C1-4331-4953-881F-89C7BB3FED39@fl1ger.de>
In-Reply-To: <3A6EF5A0-928C-4F10-BD68-265DAE87F9A8@kirei.se>
References: <3A6EF5A0-928C-4F10-BD68-265DAE87F9A8@kirei.se>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.4r5213)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/fY-sWp9V_r17ghZXC-0OUe1wxrE>
Cc: dnsop <dnsop@ietf.org>, Patrik Wallström <patrik.wallstrom@iis.se>
Subject: Re: [DNSOP] DNS Delegation Requirements

Moin!

On 8 Feb 2016, at 9:57, Jakob Schlyter wrote:
> At this point, we're seeking more public comments - on this mailing 
> list (unless the chairs disapprove), on our issue tracker [4] or 
> via email to the authors.
Thanks a lot for this work. I certainly would like dnsop to work on 
this.

I would soften some of the language and have a question.

5.1. There are use cases where the serial number rarely, if ever, is the 
same on all servers, and it's only really used inside communication for a 
given domain and not during resolution. So the only people who know if a 
divergent serial number is a problem are the domain owners. So we 
shouldn't tell the public that this is a problem. I would say that a 
different SOA serial number could be seen as an indicator of an 
inconsistent setup, but that further analysis is required to really 
conclude that.

6.2 The name servers SHOULD NOT belong to the same AS
I would drop that requirement altogether or make it a MAY. We really 
should not tell people how to build networks from the DNS world.

8.7 We should point out here that neither an MX nor an A record is 
required at the zone apex, or do you want either of them mandatory?

On the SOA settings I do have a question. Would the following SOA be 
legitimate according to this draft?
	localhost. root.localhost. 1115106304 16384 2048 1048576 2560
If not, why not, as my spot-checking didn't find anything that made it 
invalid.

So long
-Ralf
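As an added example that is not part of this thread or the draft: a small Python checker that parses the SOA quoted above, applies the timer-relationship checks from RFC 1912 section 2.2, flags MNAME/RNAME at localhost (my assumption of what a reviewer would question), and reports differing serials across servers as an indicator only, in the spirit of the 5.1 comment. The SOA string is the one from the message; the serial spread is constructed.

```python
# Added example (not from the thread or the draft). Thresholds and the
# localhost checks are assumptions; timer relationships follow RFC 1912 2.2.
from dataclasses import dataclass

@dataclass
class SOA:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

def parse_soa(rdata: str) -> SOA:
    """Parse presentation-format SOA RDATA: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    nums = [int(f) for f in fields[2:]]
    if any(n < 0 or n > 0xFFFFFFFF for n in nums):
        raise ValueError("SOA numeric fields must fit in 32 bits")
    return SOA(fields[0], fields[1], *nums)

def check_soa(soa: SOA) -> list[str]:
    """Return findings; an empty list means nothing was flagged."""
    findings = []
    if soa.retry >= soa.refresh:          # RFC 1912: retry below refresh
        findings.append("retry should be smaller than refresh")
    if soa.expire <= soa.refresh + soa.retry:  # RFC 1912: expire well above both
        findings.append("expire should exceed refresh + retry")
    if soa.mname.rstrip(".").lower() == "localhost":   # assumption
        findings.append("MNAME is localhost: not a resolvable primary name")
    if soa.rname.rstrip(".").lower().endswith("localhost"):  # assumption
        findings.append("RNAME mailbox is at localhost: not reachable")
    return findings

def serial_consistency(serials: dict[str, int]) -> str:
    """Divergent serials are reported as an indicator, never as a verdict."""
    if len(set(serials.values())) == 1:
        return "consistent"
    detail = ", ".join(f"{s}={v}" for s, v in sorted(serials.items()))
    return f"indicator: serials differ ({detail}); further analysis required"

# Constructed inputs: the SOA from the message, and a made-up serial spread.
SAMPLE_SOA = "localhost. root.localhost. 1115106304 16384 2048 1048576 2560"
SAMPLE_SERIALS = {"ns1": 1115106304, "ns2": 1115106305}

if __name__ == "__main__":
    for finding in check_soa(parse_soa(SAMPLE_SOA)):
        print(finding)
    print(serial_consistency(SAMPLE_SERIALS))
```

On the quoted SOA the timer values pass the RFC 1912 relationships; only the localhost names are flagged.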