[dns-operations] DNS trust dependencies for TLDs

[Antoin Verschuren]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> -----Original Message-----
> From: Florian Weimer [mailto:fw at deneb.enyo.de]
> Subject: Re: [dns-operations] DNS trust dependencies for TLDs
> 
> * Antoin Verschuren:
> 
> > The .nl zone is a delegation only zone.
> 
> It's not. 8-)  _NICNAME._TCP.NL is a name for which the .nl servers answer
> authoritatively.

Ah, yes, you're right :-)

> Apart from that, the proposal was to make the .nl servers
> authoritative for the names of the name servers, which can cause
> issues due to a BIND misfeature.

Hmm, the servers are authoritative for the in-bailiwick names, but in a separate zone:

; <<>> DiG 9.3.4-P1.1 <<>> ns1.nic.nl @ns1.nic.nl a
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6580
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 5

;; QUESTION SECTION:
;ns1.nic.nl.            IN A

;; ANSWER SECTION:
ns1.nic.nl.             1800 IN A 193.176.144.2

All *.nic.nl nameservers that run the .nl zone are also authoritative for nic.nl.
I always wondered about the real background for that operational practice.
Can somebody shed some light on how such a situation is affected by the Bind "misfeature" ?


Antoin Verschuren

Technical Policy Advisor
SIDN
Utrechtseweg 310
PO Box 5022
6802 EA Arnhem
The Netherlands

T +31 26 3525500
F +31 26 3525505
M +31 6 23368970
E antoin.verschuren at sidn.nl
W http://www.sidn.nl/

-----BEGIN PGP SIGNATURE-----
Version: 9.6.3 (Build 3017)

wsBVAwUBSjYO8zqHrM883AgnAQjKOwf/c7iJ+O0Tc4Y0DyyVck5Zoxs9SMZI665j
/QeArIOVlDEZwlL/Mwr1cXK4yIzN+iCCVbMrJBcdMz7llsKpIAN6g8yAlk+Uz+Q3
NwJN11GtK4LxWffy+C4eOdv/9Z4WLuSnntYX0we6N6hxSraOWAWWQJCghUhQR+YR
uxjOrAwezpLulPuBytbCwTZcKerzlGK4Op1BRSRUlVEQaHh8tnWB04us535PhuAZ
c6NmZIGcPs3OQ/3/SZo2OLeS3hd9djjUSc79tri6YksykNV6reU2Vf4P/yGQ9r+2
S00K7/UZSmUDImp0kMbVyh5D+kVLgeAlJDFIrboVxwSzolPE1IJWZA==
=Ha4I
-----END PGP SIGNATURE-----