Re: [dnsext] RFC 3484 section 6 rule 9 causing more operational problems

From: Chris Thompson <cet1 at cam.ac.uk>
To: Ondřej Surý <ondrej.sury at nic.cz>
Cc: Paul Vixie <vixie at isc.org>, bmanning at vacation.karoshi.com, ietf at ietf.org, namedroppers at ops.ietf.org
Date: 04 Mar 2009 19:54:37 +0000
In-reply-to: <e90946380903041020l212909c0sa071be8c833e2e80 at mail.gmail.com>
References: <alpine.LSU.2.00.0903041400220.8701 at hermes-2.csi.cam.ac.uk> <20563.1236179832 at nsa.vix.com> <alpine.LSU.2.00.0903041531250.8701 at hermes-2.csi.cam.ac.uk> <25914.1236186707 at nsa.vix.com> <20090304175748.GB24212 at vacation.karoshi.com.> <e90946380903041020l212909c0sa071be8c833e2e80 at mail.gmail.com>

On Mar 4 2009, Ondřej Surý wrote:

On Wed, Mar 4, 2009 at 6:57 PM, <bmanning at vacation.karoshi.com> wrote:

[...]

        DNSSEC does reorder RRSets within a zone.  Which is a new feature.


When we started talking about order of RRSets?  This is purely discussion
about order of RRs in RRSet. Order of RRSets in zone is irrelevant before
DNSSEC and also after DNSSEC. Nothing depends on order of RRSets
at least in my best knowledge.


I took Bill to mean "DNSSEC does reorder RRs within an RRset" anyway, as
I don't know in what other sense DNSSEC is relevant at all.

But the canonical ordering of RRs within an RRset for signing purposes
says nothing about the presentation order in the answers to DNS queries.
And in fact a certain well-known nameserver implementation not unassociated
with Paul still supports all the rrset-order and sortlist controls, which
work for secured zones as well as unsecured ones.

--
Chris Thompson
Email: cet1 at cam.ac.uk

Follow-Ups:
- Re: [dnsext] RFC 3484 section 6 rule 9 causing more operational problems
  - From: bmanning

References:
- RFC 3484 section 6 rule 9 causing more operational problems
  - From: Tony Finch
- Re: [dnsext] RFC 3484 section 6 rule 9 causing more operational problems
  - From: Paul Vixie
- Re: [dnsext] RFC 3484 section 6 rule 9 causing more operational problems
  - From: Tony Finch
- Re: [dnsext] RFC 3484 section 6 rule 9 causing more operational problems
  - From: Ondřej Surý

Prev by Date: Re: Running Code
Next by Date: Re: [dnsext] RFC 3484 section 6 rule 9 causing more operational problems
Previous by thread: Re: [dnsext] RFC 3484 section 6 rule 9 causing more operational problems
Next by thread: Re: [dnsext] RFC 3484 section 6 rule 9 causing more operational problems
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: [dnsext] RFC 3484 section 6 rule 9 causing more operational problems

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.