[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: zone-covering NSEC ranges -- "which is it?"

To: namedroppers@ops.ietf.org
Subject: Re: zone-covering NSEC ranges -- "which is it?"
From: Paul Vixie <paul@vix.com>
Date: Mon, 14 Jun 2004 21:48:20 +0000
In-reply-to: Message from Roy Badami <roy@gnomon.org.uk> of "Mon, 14 Jun 2004 22:45:20 +0100." <16590.7280.612012.311865@giles.gnomon.org.uk>

> I had been assuming the second possible answer, given that RFC2535
> said (5.1):
> 
>    There is a potential problem with the last NXT in a zone as it
>    wants to have an owner name which is the last existing name in
>    canonical order, which is easy, but it is not obvious what name to
>    put in its RDATA to indicate the entire remainder of the name
>    space.  This is handled by treating the name space as circular and
>    putting the zone name in the RDATA of the last NXT in a zone.
> 
> However it appears that DNSSECbis makes no similar statement about a
> circular name space.

not only that, the circularity is only by mention, not in fact.  it does
not say that putting your own owner name in as the target name works;
rather, that the zone name (or apex, or @ in my example) is special cased.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: zone-covering NSEC ranges -- "which is it?"
  - From: Roy Arends <roy@dnss.ec>

References:
- zone-covering NSEC ranges -- "which is it?"
  - From: Roy Badami <roy@gnomon.org.uk>

Prev by Date: zone-covering NSEC ranges -- "which is it?"
Next by Date: Re: zone-covering NSEC ranges -- "which is it?"
Previous by thread: zone-covering NSEC ranges -- "which is it?"
Next by thread: Re: zone-covering NSEC ranges -- "which is it?"
Index(es):
- Date
- Thread