Re: [DNSOP] DNS Delegation Requirements

Ray Bellis <ray@bellis.me.uk> Mon, 08 February 2016 13:40 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/rCHsP_u_cSucSGTXeyIk1K8vgms>


On 08/02/2016 12:07, Jakob Schlyter wrote:
> On 8 feb. 2016, at 11:00, Ralf Weber <dns@fl1ger.de> wrote:

>> 6.2 The name servers SHOULD NOT belong to the same AS
>>
>> I would drop that requirement altogether or make it a MAY. We really
>> should not tell people how to build networks from the DNS world.
> 
> I would agree, but on the other hand it's apparent that a lot still
> make really bad choices, such as putting all of their authoritative
> name servers on a single LAN or site. There are exceptions for the
> "belong to same AS", can we perhaps try to state those?

The IANA new gTLD testing requires that the servers not all be in the
same "origin AS".

IMHO, this requirement is wrong.  What matters more is that they don't
all have the same AS path.

That's a separate issue from being physically co-located on the same
LAN, but you can't readily tell that from routing views.

At the moment it's possible to have a perfectly well designed Anycast
cloud with multiple sites and yet fail the IANA checks because the sites
all use the same stub ASN.

Ray
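
The distinction drawn in the message above between an "origin AS" check and an AS-path check, as an added example that is not part of the original post and is not the IANA test itself. The sample paths, the ASNs (documentation range, RFC 5398), the server names and the rule "no transit AS appears on every path" are assumptions chosen for illustration.

```python
# Constructed sample data: AS paths seen for each name server's prefix,
# collector side first, origin AS last. ASNs are documentation values.
ANYCAST = {  # multi-site anycast, every site announces from one stub ASN
    "ns1.example.": [[64496, 64501, 64500], [64497, 64502, 64500]],
    "ns2.example.": [[64496, 64503, 64500], [64497, 64504, 64500]],
}
SHARED_TRANSIT = {  # two origin ASNs, both reachable only via AS64501
    "ns1.example.": [[64496, 64501, 64505], [64497, 64501, 64505]],
    "ns2.example.": [[64496, 64501, 64506], [64497, 64501, 64506]],
}


def all_paths(servers):
    """Flatten the per-server path lists into one list of AS paths."""
    return [path for paths in servers.values() for path in paths]


def origin_asns(servers):
    """Set of origin ASNs (last hop of each path) across all servers."""
    return {path[-1] for path in all_paths(servers)}


def passes_origin_check(servers):
    """Origin-AS style rule: the servers must not all share one origin AS."""
    return len(origin_asns(servers)) > 1


def common_transit(servers):
    """ASNs other than the origin that appear on every observed path."""
    paths = all_paths(servers)
    if not paths:
        return set()
    shared = set(paths[0][:-1])  # a set also absorbs AS-path prepending
    for path in paths[1:]:
        shared &= set(path[:-1])
    return shared


def passes_path_check(servers):
    """Assumed AS-path rule: more than one distinct path, no shared transit."""
    distinct = {tuple(path) for path in all_paths(servers)}
    return len(distinct) > 1 and not common_transit(servers)


if __name__ == "__main__":
    for name, data in (("anycast", ANYCAST), ("shared transit", SHARED_TRANSIT)):
        print(name, passes_origin_check(data), passes_path_check(data))
```

The anycast set fails the origin check yet has fully disjoint upstream paths, while the second set passes the origin check even though every path crosses the same transit AS.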