Re: [dnsext] Short introduction to zone cuts?

Ray Bellis <Ray.Bellis@nominet.org.uk> Sat, 17 March 2012 13:31 UTC

From: Ray Bellis <Ray.Bellis@nominet.org.uk>
To: Mark Andrews <marka@isc.org>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, DNSEXT Working Group <dnsext@ietf.org>

On 16 Mar 2012, at 23:36, Mark Andrews wrote:

> RFC 1034 says all you need to say for zone operators about NS records.

IMHO, there's more to it than that.

For example, if you have this in a parent zone:

1.1.1.1.5.5.5.3.0.2.1.e164.arpa. IN NS ns1.example.com.

and this in the child zone:

$ORIGIN 5.5.5.3.0.2.1.e164.arpa.
@          SOA ...
@          NS ns1.example.com.
0.0.0.0    NAPTR ...
1.0.0.0    NAPTR ...

it currently works - the parent zone points to the right server, but the parent and child disagree on where the zone cut is.

However, with DNSSEC that is no longer possible. There's nowhere to put the DS record.

For various historic reasons, the UK public ENUM tree has per-number NS records as shown above.  To make the parent and child consistent (without changing the parent) the child server would need to have a separate zone file _per number_.

Ray
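
Added example, not part of the original message: a Python check that compares each delegation point in a parent zone with the apex (SOA owner) of the child zone, run over constructed zone text based on the records quoted above and on the per-number layout the last paragraph describes. The function names and the simplified zone syntax (one record per line, owner always present, no TTLs) are assumptions of this example.

```python
# Added example: zone-cut consistency check over simplified, constructed zone text.
def absolute(name, origin):
    """Expand a zone-file owner name against $ORIGIN (lower-case, dot-terminated)."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def parse(zone_text, origin="."):
    """Return (owner, type) pairs; assumes one RR per line, optional class IN, no TTL."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        rest = [f for f in fields[1:] if f.upper() != "IN"]
        records.append((absolute(fields[0], origin), rest[0].upper()))
    return records

def check_cuts(parent_text, child_text):
    """For each delegation NS in the parent, report whether the child has its apex there."""
    parent = parse(parent_text)
    parent_apexes = {o for o, t in parent if t == "SOA"}
    child_apexes = {o for o, t in parse(child_text) if t == "SOA"}
    findings = {}
    for owner, rrtype in parent:
        if rrtype != "NS" or owner in parent_apexes:
            continue  # the parent's own apex NS set is not a delegation
        if owner in child_apexes:
            findings[owner] = "consistent"    # DS owner name equals the child apex
        elif any(owner.endswith("." + apex) for apex in child_apexes):
            findings[owner] = "cut-mismatch"  # child apex sits above the delegation point
        else:
            findings[owner] = "no-child-zone"
    return findings

# Constructed samples based on the records in the message.
PARENT = "1.1.1.1.5.5.5.3.0.2.1.e164.arpa. IN NS ns1.example.com."
CHILD_SHARED = "$ORIGIN 5.5.5.3.0.2.1.e164.arpa.\n@ SOA ...\n@ NS ns1.example.com.\n0.0.0.0 NAPTR ...\n"
CHILD_PER_NUMBER = "$ORIGIN 1.1.1.1.5.5.5.3.0.2.1.e164.arpa.\n@ SOA ...\n@ NS ns1.example.com.\n"

if __name__ == "__main__":
    print(check_cuts(PARENT, CHILD_SHARED))
    print(check_cuts(PARENT, CHILD_PER_NUMBER))
```

A "cut-mismatch" result marks a delegation where a DS record at the parent's owner name would have no DNSKEY at the same name in the child, since the child's keys live at its apex.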