IETF Logo Mail Archive

Re: [dnsext] Short introduction to zone cuts?

Mark Andrews <marka@isc.org> Sat, 17 March 2012 23:37 UTC

Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB4EE21F85EE; Sat, 17 Mar 2012 16:37:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1332027463; bh=dU2voAaIrh3s2N/X9YC8kgOkz48xlyH7cYp7Cvu3Tjw=; h=To:From:References:In-reply-to:Date:Message-Id:Cc:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: MIME-Version:Content-Type:Content-Transfer-Encoding:Sender; b=TJosJQFNelY0Ce2xQj8Uv8Rclpk8x3X4dNrwZemASDEbCZRgYpfjkwEtQQ3FgU+aB BlF/9x1SG3xKOqvsl8TphdwroYGAXQoBavoVTEJelPPmnB1gXSOS2WjG8P0BLlc6CT ZgDMRKlt+Tcy/9ghdANcQHj7zv7XxHseIMKyfdmE=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C748F21F85EE for <dnsext@ietfa.amsl.com>; Sat, 17 Mar 2012 16:37:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.546
X-Spam-Level:
X-Spam-Status: No, score=-2.546 tagged_above=-999 required=5 tests=[AWL=0.053, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wwxDwh9X1ML9 for <dnsext@ietfa.amsl.com>; Sat, 17 Mar 2012 16:37:41 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by ietfa.amsl.com (Postfix) with ESMTP id EAD5721F85ED for <dnsext@ietf.org>; Sat, 17 Mar 2012 16:37:40 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by mx.pao1.isc.org (Postfix) with ESMTPS id 14E55C9423; Sat, 17 Mar 2012 23:37:22 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (unknown [IPv6:2001:470:1f00:820:8568:13ff:fc38:4b7]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id C6F9F216C31; Sat, 17 Mar 2012 23:37:21 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id A52EB1EA2B98; Sun, 18 Mar 2012 10:37:14 +1100 (EST)
To: Paul Hoffman <paul.hoffman@vpnc.org>
From: Mark Andrews <marka@isc.org>
References: <946E9EC4-9872-4A98-BCEB-3CD7420929A1@vpnc.org> <20120316233618.16C831E9F8E3@drugs.dv.isc.org> <68D9EB4A-78FB-428D-B312-165343DDB9FF@vpnc.org>
In-reply-to: Your message of "Sat, 17 Mar 2012 07:41:08 PDT." <68D9EB4A-78FB-428D-B312-165343DDB9FF@vpnc.org>
Date: Sun, 18 Mar 2012 10:37:14 +1100
Message-Id: <20120317233714.A52EB1EA2B98@drugs.dv.isc.org>
Cc: DNSEXT Working Group <dnsext@ietf.org>
Subject: Re: [dnsext] Short introduction to zone cuts?
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org

In message <68D9EB4A-78FB-428D-B312-165343DDB9FF@vpnc.org>, Paul Hoffman writes
:
> On Mar 16, 2012, at 4:36 PM, Mark Andrews wrote:
> 
> > 
> > In message <946E9EC4-9872-4A98-BCEB-3CD7420929A1@vpnc.org>, Paul Hoffman wr
> ites
> > :
> >> Over on the dns-operations list, the issue of zone cuts has come up, and e
> ven
> >> normally-careful people have gotten it wrong. Is there a readable introduc
> ti
> >> on to zone cuts and how they affect zone operators? If not, someone should
>  re
> >> ally consider writing a two-page informational RFC on the subject and have
>  it
> >> reviewed here (even if it is after this WG shuts down) before publication.
>  I
> >> suspect that such an RFC will be more valuable to the Internet than many o
> f 
> >> the ones we have done here.
> >> 
> >> --Paul Hoffman
> > 
> > RFC 1034 say all you need to say for zone operators about NS record.
> 
> As we have seen, the text in RFC 1034 has not been sufficient to prevent erro
> rs. A clearly-written document might help prevent errors. Some of us would pr
> efer to prevent errors rather than just criticize the people who cannot read 
> the source documents as well as you can.

Please go survey those that have made errors and ask them if there
are supposed to be matching NS records in the parent and child
zones.  I know that ISC's error a couple of weeks back were not due
to lack of knowledge.

There are lots of documents on the net on how to delegate a zone.
Of those I've checked they all say to add matching NS records to
the parent zone.  One more won't help.  People either don't read,
make a mistake, or deliberately choose to do the wrong thing.

> > Nameserver developer need to know more.
> 
> And, as such, would be valuable to document in an informational RFC, given th
> at we see errors in that all the time. The two sets of information are quite 
> related.

We already have documents that tell implementors what to do.  
 
> --Paul Hoffman
> 
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext

v2.23.0 | Report a Bug | By Email