<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 17 November 2016 at 13:30, Mark Andrews <span dir="ltr"><<a href="mailto:marka@isc.org" target="_blank">marka@isc.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br><span class="">><br>
> Do you know how the patch is to be implemented? If absence of the relevant<br>
> SRV record indicates fallback to MNAME then it doesn't solve the problem.<br>
<br>
</span>SRV defines "." in the server field as "no service".<br>
<br>
e.g.<br>
_dns-update._tcp.tld. SRV 0 0 0 .<br></blockquote><div><br></div><div>Ah yes.. that works then.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Note also the SOA MNAME is only supposed to be used if it matches<br>
a NS record name. Updates are supposed to be able to go to any<br>
nameserver for the zone.<br></blockquote><div><br></div><div>I can't lay my hands on a reference, and it's been a long time since I've had to have this conversation with them, but I seem to recall that IANA insists on a gTLD MNAME being one of the names in the NS set. I may be completely wrong about that and I invite someone who knows better to please correct me.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
As far as I can see there was no RFC issued with this assignment.<br>
<br>
I would suggest doing a RFC2136bis which incorporates this along<br>
with SIG(0)/TSIG/GSS-TSIG as securing mechanisms. RFC2137 is<br>
currently mentioned in the security considerations and is very much<br>
out of date. SIG(0) and TSIG are forwardable though you have to<br>
preserve the ID field when forwarding SIG(0) signed updates.<br></blockquote><div><br></div><div>It won't fix the current install base, but I'd happily co-author something to this effect to help squelch the noise from future deployments.</div></div></div></div>