At 10:47 -0500 12/20/06, Andrew Sullivan wrote:
> On Wed, Dec 20, 2006 at 07:31:09AM -0500, Edward Lewis wrote:
>> Perhaps what needs to be conveyed is that the DNS response to a
>> reverse map query for an address ought to reflect what is supposed to
>> be seen at the address.
>
> I like that as a general statement of the point of all of this.
> Since the point is to make this a "considerations" document, surely
> the general statement is enough?
>
>> Perhaps a special comment ought to be made about "leaking" although I
>
> I avoided talking about that because I think it's already covered in
> the Mark Andrews draft about defaults for local zones.  I'm happy to
> put a reference in, but the sense I got in San Diego and previously
> was that people didn't want that, because the reference might hold up
> the draft and we've been waiting long enough.

It's all kinda "funny" (as mentioned in the movie "Fargo":

Mr. Mohra: Oh, he was a little guy. Kinda funny lookin'.
Officer Olson: Uh-huh. In what way?
Mr. Mohra: Oh, just in a general kinda way.)

If you can pull off the generalization, that's the best thing to do. When it comes to specifics, it seems to me that often, especially as far down the road we are with DNS cruft & history, there's the 10% of the cases that warrant 90% of the attention. If I were teaching a class on this, I'd assign the students to read a text that talks the general case but then stress the odd-ball case in lecture.

For the most part, the recommendation to "use your head will lead you the right way" is what's needed. Tell them folks out there what you want them to hear about you. But often times administrators don't have the time to use their heads and rush into something that results in leaks. (It's not that they can't use their heads - they just don't have the time to learn and implement fully.) What everyone else sees and is stung by is the leaking.

What to do about the reference? Mumble. Ummm. Well, maybe you can gloss over it by saying "just be careful to not answer queries inappropriately" and either avoid the term leak - or do what is in the old RFCs - just define it yet again without detailing it. (I think "lame delegation" is defined in two or three different RFCs.)

I was going to include the absolutely best answer to your dilemma, but I ran out of letters trying to write this email's conclus
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Dessert - aka Service Pack 1 for lunch.

_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop
