[dns-operations] EDNS and TLDs
marka at isc.org
Fri Nov 18 07:36:18 UTC 2016
In message <582EAAC4.80502 at redbarn.org>, Paul Vixie writes:
> Tony Finch wrote:
> > Mark Andrews <marka at isc.org> wrote:
> >> Note also the SOA MNAME is only supposed to be used if it matches
> >> a NS record name. Updates are supposed to be able to go to any
> >> nameserver for the zone.
> > Hmf. There are a couple of problems with this model:
> > It doesn't seem reasonable to expect an UPDATE to work if it is sent
> > to an off-site secondary run by a third party.
> your attempt to reason from first principles without reference to the
> RFC itself and what it actually says about update forwarding is noted.
> > If you have a hidden master setup, it would be nice to get UPDATEs to go
> > to a dedicated UPDATE server, completely separate from the read-only
> > publication slaves, and probably also separate from the hidden master.
> this wasn't done because srv was experimental whereas update was
> standards track and the twain ne'er shall link.
> however, all of this misses the point. these updates are coming from
> third parties, or else we could turn them off (in our own dhcp server
> for example). why are third parties sending updates without permission
> or invitation, is the question we ought to answer first. (afterward, we
> can debate whether these party-crashers would respect a signal to not
> send updates if such a signal existed, since they're already sending us
> updates without invitation or permission.)
> P Vixie
Some of them will be machines just trying to register their addresses
in the DNS under the names they are configured with. You find the
enclosing zone and send an update to the servers for that zone. When
you squat on names you get updates being sent to unexpected places.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
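
The target selection described in this message (find the enclosing zone, send to that zone's servers, use the SOA MNAME only when it matches an NS name), as an added example that is not part of the original post or ISC code. All zone and host names are constructed, and a dictionary lookup stands in for the SOA queries a real client would make.

```python
# Constructed zone data: apex -> SOA MNAME and NS names (all names are made up).
PUBLIC_VIEW = {
    "example.": {"mname": "hidden-master.example.",
                 "ns": ["a.nic.example.", "b.nic.example."]},
    "isp.example.": {"mname": "ns1.isp.example.",
                     "ns": ["ns2.isp.example.", "ns1.isp.example."]},
}
# Inside a site that squats on office.example. a private zone also exists.
INTERNAL_VIEW = dict(PUBLIC_VIEW)
INTERNAL_VIEW["office.example."] = {"mname": "dc1.office.example.",
                                    "ns": ["dc1.office.example."]}


def normalize(name):
    """Lower-case a domain name and make it fully qualified."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def enclosing_zone(name, zones):
    """Strip leading labels until a zone apex is found; None if nothing encloses it."""
    labels = normalize(name).rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate
    return None


def update_targets(name, zones):
    """Return (zone, servers to try in order) for an UPDATE registering `name`."""
    zone = enclosing_zone(name, zones)
    if zone is None:
        return None, []
    servers = [normalize(n) for n in zones[zone]["ns"]]
    mname = normalize(zones[zone]["mname"])
    # The MNAME is only used if it matches an NS name; then it is tried first.
    if mname in servers:
        servers = [mname] + [s for s in servers if s != mname]
    return zone, servers


if __name__ == "__main__":
    host = "pc1.office.example"  # name the machine is configured with
    print("on site :", update_targets(host, INTERNAL_VIEW))
    print("roaming :", update_targets(host, PUBLIC_VIEW))
```

Off site the private zone is not visible, so the same host's enclosing zone becomes the parent and its update goes to the parent's published nameservers.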