Re: [dnsext] Short introduction to zone cuts?

Doug Barton <dougb@dougbarton.us> Mon, 19 March 2012 22:48 UTC


On 3/19/2012 7:58 AM, Ray Bellis wrote:
> 
> On 18 Mar 2012, at 01:36, Doug Barton wrote:
> 
>> I'm not sure what you mean by "works" here.
> 
> I mean the NAPTR records correctly resolve.
> 
>> If you mean that anyone using ns1.example.com directly will see
>> those records, then yes, it works -- for those users. But assuming
>> that ns1.example.com is not included in the NS set of the parent
>> zone, no one else will see the 2 NAPTR records you listed above. So
>> in that sense it doesn't work ... at least, it doesn't work the way
>> that the administrator of ns1.example.com wants it to.
> 
> No, in this case "ns1.example.com" _is_ found via the parent zone,
> but the delegation is four nodes further down the DNS tree than the
> child's SOA / NS records would indicate.

Right, and that's the devious subtlety of your message. :)  No one would
ever query ns1.example.com iteratively for the sample records in the
zone you posted because they would have no way of knowing that
ns1.example.com thought it was authoritative for those records.

Clients querying it directly would get an answer (think in-house
resolvers with various in-house zones slaved to it) but no one else would.


Doug

-- 
    If you're never wrong, you're not trying hard enough