Re: [dnsext] Short introduction to zone cuts?
Mark Andrews <marka@isc.org> Fri, 16 March 2012 23:36 UTC
Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FC2E21E8083; Fri, 16 Mar 2012 16:36:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1331941004; bh=fAHOd1cjqrRPhDhJ00ayftUKvpH56RU8sFAMYq6NYOI=; h=To:From:References:In-reply-to:Date:Message-Id:Cc:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: MIME-Version:Content-Type:Content-Transfer-Encoding:Sender; b=PMhwQWIF0nmY2/LZDSuURao+ByHbR+/qAATCYWWz+MDGLN9b39Xnd7usdd6+PTIuA eXPWi2r0E2bBPT9lfQXew3VbSILU0Ykbi3fVnGaZqCin0CY2OL4ON5eButokY0L5yf T7Xd+nTEGwRy4EzxXoyX5Pt89YbstbScaJoXbQAY=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E41121E8083 for <dnsext@ietfa.amsl.com>; Fri, 16 Mar 2012 16:36:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.424
X-Spam-Level:
X-Spam-Status: No, score=-1.424 tagged_above=-999 required=5 tests=[AWL=-1.125, BAYES_00=-2.599, MANGLED_REALLY=2.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SL1TH95nAlEF for <dnsext@ietfa.amsl.com>; Fri, 16 Mar 2012 16:36:43 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by ietfa.amsl.com (Postfix) with ESMTP id D480521E8014 for <dnsext@ietf.org>; Fri, 16 Mar 2012 16:36:42 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by mx.ams1.isc.org (Postfix) with ESMTPS id 198085F9865; Fri, 16 Mar 2012 23:36:23 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (unknown [IPv6:2001:470:1f00:820:d1fb:f2c0:5ce0:8d7d]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 29C62216C36; Fri, 16 Mar 2012 23:36:21 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 16C831E9F8E3; Sat, 17 Mar 2012 10:36:18 +1100 (EST)
To: Paul Hoffman <paul.hoffman@vpnc.org>
From: Mark Andrews <marka@isc.org>
References: <946E9EC4-9872-4A98-BCEB-3CD7420929A1@vpnc.org>
In-reply-to: Your message of "Fri, 16 Mar 2012 10:47:33 PDT." <946E9EC4-9872-4A98-BCEB-3CD7420929A1@vpnc.org>
Date: Sat, 17 Mar 2012 10:36:18 +1100
Message-Id: <20120316233618.16C831E9F8E3@drugs.dv.isc.org>
Cc: DNSEXT Working Group <dnsext@ietf.org>
Subject: Re: [dnsext] Short introduction to zone cuts?
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org
In message <946E9EC4-9872-4A98-BCEB-3CD7420929A1@vpnc.org>, Paul Hoffman writes : > Over on the dns-operations list, the issue of zone cuts has come up, and even > normally-careful people have gotten it wrong. Is there a readable introducti > on to zone cuts and how they affect zone operators? If not, someone should re > ally consider writing a two-page informational RFC on the subject and have it > reviewed here (even if it is after this WG shuts down) before publication. I > suspect that such an RFC will be more valuable to the Internet than many of > the ones we have done here. > > --Paul Hoffman RFC 1034 say all you need to say for zone operators about NS record. Nameserver developer need to know more. Section 4.2.2. "Administrative considerations" covers just about all that one needs to know in particular "As the last installation step, the delegation NS RRs and glue RRs necessary to make the delegation effective should be added to the parent zone. The administrators of both zones should insure that the NS and glue RRs which mark both sides of the cut are consistent and remain so." This apply to both registries and registrars as the are the administators of the relevent zones. Failure to follow that advice causes most of the operational problems we see in the DNS. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org _______________________________________________ dnsext mailing list dnsext@ietf.org https://www.ietf.org/mailman/listinfo/dnsext
- [dnsext] Short introduction to zone cuts? Paul Hoffman
- Re: [dnsext] Short introduction to zone cuts? Mark Andrews
- Re: [dnsext] Short introduction to zone cuts? Ray Bellis
- Re: [dnsext] Short introduction to zone cuts? Paul Hoffman
- Re: [dnsext] Short introduction to zone cuts? Mark Andrews
- Re: [dnsext] Short introduction to zone cuts? Doug Barton
- Re: [dnsext] Short introduction to zone cuts? Ray Bellis
- Re: [dnsext] Short introduction to zone cuts? Doug Barton
- Re: [dnsext] Short introduction to zone cuts? Mark Andrews
- Re: [dnsext] Short introduction to zone cuts? Ray Bellis
- Re: [dnsext] Short introduction to zone cuts? Tony Finch
- Re: [dnsext] Short introduction to zone cuts? Doug Barton