On Fri, Apr 13, 2018 at 07:59:19AM -0700, Paul Hoffman wrote:
> >Specifically, I thought it was a good idea to make a "minimal but
> >correct and best practices" authoritative nameserver.
> Thank you, thank you.

I can also tell you it is fun to start one from scratch and not make the
same mistakes again!

> >1) chase CNAMEs that point to another zone
> >2) look for glue outside of the zone
> 
> 1) What was the historical text that indicated that an authoritative server
> should chase CNAMEs before responding? This worries me.

RFC 1034, 4.3.2, step 3, a. It says to go back to step 1, which means that
in step 2 we look up the best zone again for the target of the CNAME. I have
not looked if newer RFCs deprecate this or not. So with 'chase' I mean,
consult other zones it is authoritative for. There might be millions of
these btw, operated by other people.

> 2) What does "look for" mean here? Can you give an example of what you are
> no longer doing in this authoritative?

Sure. Let's say our auth has two zones loaded, 'red.com' and 'blue.com'.

In red.com:
france.red.com  IN      NS      ns1.blue.com

And in blue.com:
ns1.blue.com    IN      A       127.0.0.1

If a query comes in for 'something.france.com', the authoritative server
will send out a delegation and answer with 'france.red.com IN NS
ns1.blue.com'. 

According to 1034, 4.3.2, step 3, b, we should now add 'addresses' if we
have them for ns1.blue.com. 

My question is, should we look at the blue.com zone for those addresses? 

Of course, if the NS record would be ns1.france.red.com, we should of course
pass along glue since otherwise nothing can proceed.

> >[1] - so cute https://twitter.com/PowerDNS_Bert/status/983659389935603712
> 
> Is this a suggestive plea for more camels to be sent to you? If so, you
> should include your favored postal address so some of us can help your
> collection grow. :-)

The PowerDNS office at Herengracht 38b, 2511 EJ, The Hague, The Netherlands
loves receiving packages :-)

        Bert

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
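
The glue question in the message above, as an added example that is not part of the original message and not PowerDNS code: a toy two-zone lookup that builds the referral with and without consulting blue.com for addresses. It assumes the query is for a name under france.red.com; spain.red.com and the 192.0.2.53 address are hypothetical additions that show the in-zone glue case.

```python
# Constructed zone data mirroring the red.com / blue.com case in the message.
# spain.red.com and 192.0.2.53 are hypothetical, added for the in-zone glue case.
ZONES = {
    "red.com.": {
        ("france.red.com.", "NS"): ["ns1.blue.com."],
        ("spain.red.com.", "NS"): ["ns1.spain.red.com."],
        ("ns1.spain.red.com.", "A"): ["192.0.2.53"],
    },
    "blue.com.": {("ns1.blue.com.", "A"): ["127.0.0.1"]},
}

def labels(name):
    return name.rstrip(".").lower().split(".")

def best_zone(name):
    """RFC 1034 4.3.2 step 2: the nearest ancestor zone loaded on this server."""
    n = labels(name)
    hits = [z for z in ZONES if n[-len(labels(z)):] == labels(z)]
    return max(hits, key=lambda z: len(labels(z)), default=None)

def find_cut(zone, qname):
    """Step 3: walk down from the apex; the first owner of an NS set is the cut."""
    n = labels(qname)
    for k in range(len(labels(zone)) + 1, len(n) + 1):
        owner = ".".join(n[-k:]) + "."
        if (owner, "NS") in ZONES[zone]:
            return owner
    return None

def referral(qname, cross_zone=False):
    """Build a delegation; cross_zone=True also reads other zones on this server."""
    zone = best_zone(qname)
    cut = find_cut(zone, qname) if zone else None
    if cut is None:
        return None
    ns_set, additional = ZONES[zone][(cut, "NS")], {}
    for target in ns_set:
        addrs = ZONES[zone].get((target, "A"))  # data held by the delegating zone
        if addrs is None and cross_zone:
            other = best_zone(target)  # step 3b read as "any zone we serve"
            if other and other != zone:
                addrs = ZONES[other].get((target, "A"))
        if addrs:
            additional[target] = addrs
    return {"zone": zone, "cut": cut, "authority": ns_set, "additional": additional}

if __name__ == "__main__":
    for mode in (False, True):
        print(mode, referral("something.france.red.com.", cross_zone=mode))
```

With cross_zone=True the additional section carries data from a zone that, as the message notes, may be operated by someone other than the owner of the delegating zone.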
