[dns-operations] EDNS and TLDs
matt at conundrum.com
Thu Nov 17 04:37:40 UTC 2016
On 17 November 2016 at 13:30, Mark Andrews <marka at isc.org> wrote:
> > Do you know how the patch is to be implemented? If absence of the
> > SRV record indicates fallback to MNAME then it doesn't solve the problem.
> SRV defines "." in the server field as "no service".
> _dns-update._tcp.tld. SRV 0 0 0 .
Ah yes.. that works then.
> Note also the SOA MNAME is only supposed to be used if it matches
> a NS record name. Updates are supposed to be able to go to any
> nameserver for the zone.
I can't lay my hands on a reference, and it's been a long time since I've
had to have this conversation with them, but I seem to recall that IANA
insists on a gTLD MNAME being one of the names in the NS set. I may be
completely wrong about that and I invite someone who knows better to please
> As far as I can see there was no RFC issued with this assignment.
> I would suggest doing a RFC2136bis which incorporates this along
> with SIG(0)/TSIG/GSS-TSIG as securing mechanisms. RFC2137 is
> currently mentioned in the security considerations and is very much
> out of date. SIG(0) and TSIG are forwardable though you have to
> preserve the ID field when forwarding SIG(0) signed updates.
It won't fix the current install base, but I'd happily co-author something
to this effect to help squelch the noise from future deployments.
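
As an added example (not part of the original message and not code from any resolver or update client), here is a sketch of the target-selection rules discussed in this thread: an SRV target of "." means "no service" and must not trigger a fallback to MNAME, and without any SRV record the SOA MNAME is only preferred when it matches an NS name. Assumptions: the function names and the sample names under `tld.` and `example.` are constructed, SRV weight is ignored, and having a client consult `_dns-update._tcp` first is assumed behaviour, since the thread notes no RFC was issued with that assignment.

```python
# Added example: choosing where a dynamic-update client sends UPDATE messages.
# All names below are constructed for illustration.
DNS_PORT = 53


def norm(name):
    """Lower-case a domain name and make it fully qualified."""
    return name.lower().rstrip(".") + "."


def parse_srv(line):
    """Parse an SRV record in presentation form -> (priority, port, target)."""
    fields = line.split()
    i = fields.index("SRV")  # tolerate an optional TTL / class before the type
    priority, _weight, port = (int(x) for x in fields[i + 1:i + 4])
    return priority, port, norm(fields[i + 4])


def update_targets(srv_lines, mname, ns_names):
    """Return ordered (host, port) targets; an empty list means: send nothing."""
    if srv_lines:
        records = sorted((parse_srv(l) for l in srv_lines), key=lambda r: r[0])
        # A target of "." means "no service" (RFC 2782). The zone has answered,
        # so there is deliberately no fallback to MNAME here.
        return [(target, port) for _prio, port, target in records if target != "."]
    # No SRV record at all: any nameserver of the zone may receive the update.
    servers = [norm(n) for n in ns_names]
    primary = norm(mname)
    # MNAME is tried first only when it is one of the NS names; a MNAME
    # outside the NS set is never contacted.
    if primary in servers:
        servers.remove(primary)
        servers.insert(0, primary)
    return [(s, DNS_PORT) for s in servers]


if __name__ == "__main__":
    ns = ["a.nic.tld.", "b.nic.tld."]
    print(update_targets(["_dns-update._tcp.tld. SRV 0 0 0 ."], "a.nic.tld.", ns))
    print(update_targets([], "hidden-master.example.", ns))
    print(update_targets([], "B.nic.tld", ns))
```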