updated dname draft-08
Hi,
The new updated DNAME-bis draft has the following changes 07->08:
o Some spelling and grammar corrections.
o Cleanup of text on the fact that a DNAME is not allowed at the parent
  side of a delegation (no mention of SOA records and so on).
o Text talks about resource records that exist at a domain name
  subordinate to the owner name of the DNAME (in the 'no data below' text).
o Removed text about chasing chains of CNAMEs/DNAMEs out of zone; it was
  out of scope.
o DNS cache text changed, 'do not crash when DNAME records are changed'.
  The text:
     DNS caches can encounter data at names below the owner name of a
     DNAME RR, due to a change at the authoritative server where data from
     before and after the change resides in the cache. This conflict
     situation is a transitional phase, that ends when the old data times
     out. The cache can opt to store both old and new data and treat each
     as if the other did not exist, or drop the old data, or drop the
     longer domain name. In any approach, consistency returns after the
     older data TTL times out.
o Dynamic update for DNAME works like NS records.
  The text:
     Dynamic update for DNAME records works similar to dynamic update for
     delegating NS records. For example, adding a DNAME obscures names in
     the zone. DNAME records can be added, changed and removed.
o Text about keeping signing keys online removed;
  it now says:
     The answer shown above has the synthesized CNAME included. However,
     the CNAME has no signature, since the server does not sign online.
     So it cannot be trusted. It could be altered by an attacker to be
     ... bla bla
I think I have captured all open issues from the working group with this
new version. Let me know if any issues remain.
Best regards,
Wouter (and Scott)
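
Added example, not part of the original message or of the draft: because the synthesized CNAME carries no signature, a validating resolver can recompute it from the DNAME and compare instead of trusting the CNAME it received. The function names and the sample names in the comments are hypothetical, and the sketch assumes the DNAME RR itself has already been DNSSEC-validated.

```python
MAX_WIRE_LEN = 255  # maximum length of a domain name in wire format


def labels(name):
    """Split a presentation-format name into lower-cased labels."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def wire_len(lbls):
    """Wire length: one length octet per label plus the root octet."""
    return sum(len(l) + 1 for l in lbls) + 1


def synthesize_cname(qname, owner, target):
    """DNAME substitution: replace the owner suffix of qname with target.

    Returns None when qname is not strictly below the DNAME owner
    (a DNAME does not redirect its own owner name), and raises
    ValueError when the result would exceed 255 octets (YXDOMAIN).
    """
    q, o, t = labels(qname), labels(owner), labels(target)
    if len(q) <= len(o) or q[len(q) - len(o):] != o:
        return None
    new = q[:len(q) - len(o)] + t
    if wire_len(new) > MAX_WIRE_LEN:
        raise ValueError("substituted name too long (YXDOMAIN)")
    return ".".join(new) + "."


def cname_is_consistent(qname, cname_target, owner, target):
    """True only if the unsigned CNAME equals what the DNAME implies."""
    expected = synthesize_cname(qname, owner, target)
    return expected is not None and labels(cname_target) == labels(expected)


if __name__ == "__main__":
    # Constructed sample: DNAME example.com. -> example.net.
    print(synthesize_cname("a.b.example.com.", "example.com.", "example.net."))
    print(cname_is_consistent("a.b.example.com.", "evil.example.org.",
                              "example.com.", "example.net."))
```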