Re: [regext] draft-ietf-regext-bundling-registration-06.txt - Impact of DNSSEC?

"Jiankang Yao" <yaojk@cnnic.cn> Wed, 31 October 2018 01:35 UTC

Return-Path: <yaojk@cnnic.cn>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C392130DDD for <regext@ietfa.amsl.com>; Tue, 30 Oct 2018 18:35:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oNwaCU09CJ_V for <regext@ietfa.amsl.com>; Tue, 30 Oct 2018 18:35:30 -0700 (PDT)
Received: from cnnic.cn (smtp13.cnnic.cn [218.241.118.13]) by ietfa.amsl.com (Postfix) with ESMTP id 6555C130E4C for <regext@ietf.org>; Tue, 30 Oct 2018 18:35:16 -0700 (PDT)
Received: from healthyao-PC (unknown [218.241.103.187]) by ocmail02.zx.nicx.cn (Coremail) with SMTP id AQAAf0AZIPzOBtlbHWwFAA--.4722S2; Wed, 31 Oct 2018 09:35:10 +0800 (CST)
Date: Wed, 31 Oct 2018 09:35:01 +0800
From: Jiankang Yao <yaojk@cnnic.cn>
To: "Mack, Justin" <justin.mack=40markmonitor.com@dmarc.ietf.org>, regext <regext@ietf.org>
Reply-To: yaojk <yaojk@cnnic.cn>
References: <153925037464.11372.7633502458048801151@ietfa.amsl.com>, <5BD8A375.1070401@markmonitor.com>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.0.1.92[cn]
Mime-Version: 1.0
Message-ID: <20181031093359592583126@cnnic.cn>
Content-Type: multipart/alternative; boundary="----=_001_NextPart238705738742_=----"
X-CM-TRANSID: AQAAf0AZIPzOBtlbHWwFAA--.4722S2
X-Coremail-Antispam: 1UD129KBjvJXoWruFWkuF13ZF1DKry5ZFWUJwb_yoW8JryxpF W2ya42yrs0gFWftrW7Xw4YvF9Yk395J39FvryDJw1UCa15uas7Kr1IqFWUAFWUCw4xWrWq qa1SvrWa93WUZaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUB0b7Iv0xC_Cr1lb4IE77IF4wAFF20E14v26r1j6r4UM7CY07I2 0VC2zVCF04k26cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rw A2F7IY1VAKz4vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Gr0_Xr1l84ACjcxK6xII jxv20xvEc7CjxVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv67AKxVW8Jr0_Cr1UM28EF7xvwV C2z280aVCY1x0267AKxVWxJr0_GcWle2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG6xAI xVCFxsxG0wAv7VC0I7IYx2IY67AKxVWUJVWUGwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S6x CaFVCjc4AY6r1j6r4UM4x0Y48IcxkI7VAKI48JM4xvF2IEb7IF0Fy264kE64k0F24lFcxC 0VAYjxAxZF0Ex2IqxwCY02Avz4vE14v_KwCF04k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7x kEbVWUJVW8JwC20s026c02F40E14v26r106r1rMI8I3I0E7480Y4vE14v26r106r1rMI8E 67AF67kF1VAFwI0_Jrv_JF1lIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCw CI42IY6xIIjxv20xvEc7CjxVAFwI0_Jr0_Gr1lIxAIcVCF04k26cxKx2IYs7xG6rWUJVWr Zr1UMIIF0xvEx4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Jr0_Gr1l6V ACY4xI67k04243AbIYCTnIWIevJa73UjIFyTuYvjxU2eMNUUUUU
X-CM-SenderInfo: x1dryyw6fq0xffof0/
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/sP3glnG-0ijiez40YfsP3sx8FBc>
Subject: Re: [regext] draft-ietf-regext-bundling-registration-06.txt - Impact of DNSSEC?
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Oct 2018 01:35:31 -0000

From: Mack, Justin
Date: 2018-10-31 02:31
To: regext@ietf.org
Subject: Re: [regext] draft-ietf-regext-bundling-registration-06.txt - Impact of DNSSEC?
>Greetings REGEXT,
>
>What is the impact of DNSSEC on bundled domain names in this specification?
>

I think that there has no direct impact.

>I see that most attributes are shared between domains in the bundle, 
>such as assigned nameservers. Does this mean that DS/DNSKEY information 
>is also shared between these domains?
>

The DNS administrator can choose whether DS/DNSKEY information can be shared or not.
This document does not specify it. 

>As a DNS administrator, I assume I must create separate zones for each 
>domain in the bundle, if I want them all to resolve. 


In the case of (TLDs are different)
LABEL.V-tld-A and LABEL.V-tld-B, you must create separated zones.
In the case of  (TLD is same)
 V-label-A.TLD and V-label-B.TLD,  you can choose to create separated zones or not.



>Must I share the 
>same Key Signing Keys (KSKs) and even Zone Signing Keys (ZSKs) between 
>the bundled zones?
>

As pointed above, 
The DNS administrator can choose whether DS/DNSKEY information can be shared or not.
This document does not specify it. 


Thanks.

Jiankang Yao

>Thank you.
>