[dns-operations] EDNS and TLDs

Mark Andrews marka at isc.org
Fri Nov 18 07:36:18 UTC 2016

In message <582EAAC4.80502 at redbarn.org>, Paul Vixie writes:
> Tony Finch wrote:
> > Mark Andrews <marka at isc.org> wrote:
> >> Note also the SOA MNAME is only supposed to be used if it matches
> >> a NS record name.  Updates are supposed to be able to go to any
> >> nameserver for the zone.
> > 
> > Hmf. There are a couple of problems with this model:
> > 
> > It doesn't seem reasonable to expect an UPDATE to work if it is sent
> > to an off-site secondary run by a third party.
> your attempt to reason from first principles without reference to the
> RFC itself and what it actually says about update forwarding is noted.
> > 
> > If you have a hidden master setup, it would be nice to get UPDATEs to go
> > to a dedicated UPDATE server, completely separate from the read-only
> > publication slaves, and probably also separate from the hidden master.
> this wasn't done because srv was experimental whereas update was
> standards track and the twain ne'er shall link.
> however, all of this misses the point. these updates are coming from
> third parties, or else we could turn them off (in our own dhcp server
> for example). why are third parties sending updates without permission
> or invitation, is the question we ought to answer first. (afterward, we
> can debate whether these party-crashers would respect a signal to not
> send updates if such a signal existed, since they're already sending us
> updates without invitation or permission.)
> -- 
> P Vixie

Some of them will be machines just trying to register their addresses
in the DNS under the names they are configured with.  You find the
enclosing zone and send an update to the servers for that zone.  When
you squat on names you get updates being sent to unexpected places.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
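
Added example, not part of the original message or of any DNS implementation: an offline Python model of the target selection described in this thread (find the enclosing zone, send the update to that zone's NS set, use the SOA MNAME only if it matches an NS name). It shows why a host configured under a name its site does not hold ends up sending updates to the parent zone's servers. The zone data, host names and function names are constructed for illustration.

```python
"""Offline model of how a dynamic-update client picks its target servers."""

# Constructed public DNS view (reserved example names): apex -> SOA MNAME, NS set.
# "office.example." is deliberately absent: a site uses that name internally
# although it is not delegated to them.
ZONES = {
    "example.": {
        "mname": "hidden.nic.example.",        # not in the NS set
        "ns": ["a.nic.example.", "b.nic.example."],
    },
    "registered.example.": {
        "mname": "ns1.registered.example.",    # matches an NS name
        "ns": ["ns2.registered.example.", "NS1.registered.example."],
    },
}

def normalize(name):
    """Lower-case a domain name and give it exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def enclosing_zone(fqdn, zones=ZONES):
    """Walk up the labels of fqdn and return the closest zone apex, or None."""
    labels = normalize(fqdn).rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate
    return None

def update_targets(fqdn, zones=ZONES):
    """Return (zone, servers to try in order) for an UPDATE about fqdn."""
    zone = enclosing_zone(fqdn, zones)
    if zone is None:
        return None, []
    servers = [normalize(n) for n in zones[zone]["ns"]]
    mname = normalize(zones[zone]["mname"])
    if mname in servers:            # MNAME is used only when it is also an NS
        servers.remove(mname)
        servers.insert(0, mname)
    return zone, servers

if __name__ == "__main__":
    for host in ("pc17.office.example", "www.registered.example", "host.invalid"):
        print(host, "->", update_targets(host))
```

In this model the host under the undelegated name `office.example.` resolves its enclosing zone to `example.` and targets that zone's servers, which is the unexpected traffic the message describes.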
