[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Q-10: Reaction to "Silly" NXT's

To: "Olaf M. Kolkman" <olaf@ripe.net>
Subject: Re: Q-10: Reaction to "Silly" NXT's
From: Mark.Andrews@isc.org
Date: Fri, 06 Jun 2003 23:23:22 +1000
Cc: edlewis@arin.net, derek@ihtfp.com, roy@logmess.com, namedroppers@ops.ietf.org
In-reply-to: Your message of "Fri, 06 Jun 2003 12:25:46 +0200." <20030606122546.57ba0f4b.olaf@ripe.net>

> On Fri, 06 Jun 2003 07:07:57 +1000
> Mark.Andrews@isc.org wrote:
> 
> (Two minor additions to the expected NXT list at the bottom of the original 
>  posting)
> 
> 
> >  > Another worry, the ownername; Do I read correctly that a silly state
> >  > does not allow for an owner name different than being expected(#) in
> >  > other words are ownername checks performed before or after the silly
> >  > state has been determined. (The argumentation above is based on the
> >  > ownername being as expected.)
> >  > 
> >  > If in a silly state the owner name is allowed to be different from
> >  > you should specify that the silly state first needs to be determined
> >  > and that one then needs to do the ownernameckeck. (A detail is that if
> >  > you allow for different owner names the silly state indicators reduce
> >  > to NXT ans SIG only).
> >  > 
> >  > 
> >  > --Olaf
> >  > 
> >  > 
> >  > 
> >  > (#) The NXT ownername that is expected is:
> >  > 
> >  > NXT ownername < QNAME if RCODE=NXDOMAIN
> >  	+ NXT for non-existance of wildcard.
> 
> Ack.. both are NXT ownernames are < QNAME.

	No.   The wildcard proof can be after the QNAME.

	%.example.com
	#.example.com NXT &.example.com
	&.example.com NXT example.com
 
> >  > NXT ownername == NS ownername in case of delegation
> >  > NXT ownername == QNAME in case of NOANSWER
> >    NXT ownername < QNAME if wildcard answer.
> 
> Ouch... 
> 
> But the ownername is still predictable.  

> The one relevant to the proof for NOANSWER is has the wildcard as
> ownername. 

	You have two NXT's.  One to prove the name didn't exist which
	also identifies the wildcard name and one to prove the QTYPE
	doesn't exist which has the wildcard as a owner.

> (You will also get a NXT RR that proofs there is no closer
> match than the wildcard but the NXT bitmap of that RR is irrelevant to
> the proof of non-existence of the QTYPE)
> 
> Question remains:
> 
> Are you first going to check the if bits are in a silly state so you
> know you do not have to expect a NOANSWER proof with the expected
> owner name (the NXT with the wildcard itself) or is the check simply:
> Check if ownername is relevant and then check that the bit for QTYPE
> is set to 0.

	Non-existance of QNAME doesn't depend upon the bits.
	Non-existance of QTYPE depends upon the bits.

 
> --Olaf
> 
> --------------------------------------------| Olaf M. Kolkman
>                                             | www.ripe.net/disi
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: Q-10: Reaction to "Silly" NXT's
  - From: Edward Lewis <edlewis@arin.net>

References:
- Re: Q-10: Reaction to "Silly" NXT's
  - From: "Olaf M. Kolkman" <olaf@ripe.net>

Prev by Date: DDNS-DHCP [5]: IDN in DDNS-DHCP docs
Next by Date: Re: [dhcwg] DDNS-DHCP [4]: 12 bit RCODEs in DHCP FQDN option
Previous by thread: Re: Q-10: Reaction to "Silly" NXT's
Next by thread: Re: Q-10: Reaction to "Silly" NXT's
Index(es):
- Date
- Thread