[dns-operations] EDNS and TLDs
Matthew Pounsett
matt at conundrum.com
Thu Nov 17 04:37:40 UTC 2016
On 17 November 2016 at 13:30, Mark Andrews <marka at isc.org> wrote:
>
> >
> > Do you know how the patch is to be implemented? If absence of the
> relevant
> > SRV record indicates fallback to MNAME then it doesn't solve the problem.
>
> SRV defines "." in the server field as "no service".
>
> e.g.
> _dns-update._tcp.tld. SRV 0 0 0 .
>
Ah yes.. that works then.
>
> Note also the SOA MNAME is only supposed to be used if it matches
> a NS record name. Updates are supposed to be able to go to any
> nameserver for the zone.
>
I can't lay my hands on a reference, and it's been a long time since I've
had to have this conversation with them, but I seem to recall that IANA
insists on a gTLD MNAME being one of the names in the NS set. I may be
completely wrong about that and I invite someone who knows better to please
correct me.
>
> As far as I can see there was no RFC issued with this assignment.
>
> I would suggest doing a RFC2136bis which incorporates this along
> with SIG(0)/TSIG/GSS-TSIG as securing mechanisms. RFC2137 is
> currently mentioned in the security considerations and is very much
> out of date. SIG(0) and TSIG are forwardable though you have to
> preserve the ID field when forwarding SIG(0) signed updates.
>
It won't fix the current install base, but I'd happily co-author something
to this effect to help squelch the noise from future deployments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20161117/ea6b6af2/attachment.html>
More information about the dns-operations
mailing list