[dns-operations] EDNS and TLDs
paul at redbarn.org
Fri Nov 18 07:16:20 UTC 2016
Tony Finch wrote:
> Mark Andrews <marka at isc.org> wrote:
>> Note also the SOA MNAME is only supposed to be used if it matches
>> a NS record name. Updates are supposed to be able to go to any
>> nameserver for the zone.
> Hmf. There are a couple of problems with this model:
> It doesn't seem reasonable to expect an UPDATE to work if it is sent
> to an off-site secondary run by a third party.

your attempt to reason from first principles without reference to the
RFC itself and what it actually says about update forwarding is noted.

> If you have a hidden master setup, it would be nice to get UPDATEs to go
> to a dedicated UPDATE server, completely separate from the read-only
> publication slaves, and probably also separate from the hidden master.

this wasn't done because srv was experimental whereas update was
standards track and the twain ne'er shall link.

however, all of this misses the point. these updates are coming from
third parties, or else we could turn them off (in our own dhcp server
for example). why are third parties sending updates without permission
or invitation, is the question we ought to answer first. (afterward, we
can debate whether these party-crashers would respect a signal to not
send updates if such a signal existed, since they're already sending us
updates without invitation or permission.)