On Oct 16 2009, Chris Thompson wrote:

> On Oct 16 2009, Alfred Hönes wrote:
>
>> Another point:
>>
>> The draft is speaking about "DNAME _in_ the root".
>>
>> According to my surficial knowledge, DNAME RRs 'live'
>> at the _apex_ of the zone that shall be redirected, not
>> at the delegation point -- or did I miss something?
>> Within each zone, there may be at most one DNAME RR,
>> and if so, it must be at the apex of the zone.
>
> That's just wrong. DNAMEs can occur anywhere within a zone
> (including at the apex, but not restricted to it), and there
> can be as many as you like within a zone, subject only to the
> constraint that no RR has a name subordinate to that of a DNAME.

I don't think so.

Here's a full section from draft-ietf-dnsext-rfc2672bis-dname-17
(expected to be shipped to the IESG soon):

2.3.  DNAME Apex not Redirected itself

   Unlike a CNAME RR, a DNAME RR redirects DNS names subordinate to its
   owner name; the owner name of a DNAME is not redirected itself.  The
   domain name that owns a DNAME record is allowed to have other
   resource record types at that domain name, except DNAMEs, CNAMEs or
   other types that have restrictions on what they can co-exist with.
|> DNAME RRs are not allowed at the parent side of a delegation point
|> but are allowed at a zone apex.

   There still is a need to have the customary SOA and NS resource
   records at the zone apex.  This means that DNAME does not mirror a
   zone completely, as it does not mirror the zone apex.

   These rules also allow DNAME records to be queried through RFC 1034
   [RFC1034] compliant, DNAME-unaware caches.

That's been uncontroversial consensus in DNSEXT, with full support
of DNS implementers, IIRC.
The last paragraph is at the heart of the matter,
and it should mitigate the concerns in the tld-variant draft!

> (So *if* you have one at the apex, *then* you can't have any
> others, certainly.)

True.

>
> A zone that *does* have a DNAME at the apex (and nothing else
> but SOA and NS records) ...

... or TXT or whatever you like or need -- don't forget DNSSEC RRs!

>                     ... is positively crying out to have the
> DNAME pulled up into that parent zone, *replacing* the
> delegation there. ...

This is just moot!

>               ... (I've got reverse zones I would love that
> to happen to, if only the parent zone administrators would
> co-operate...)

They are well advised to not do that!

>
> --
> Chris Thompson               University of Cambridge Computing Service,
> Email: c...@ucs.cam.ac.uk    New Museums Site, Cambridge CB2 3QH,
> Phone: +44 1223 334715       United Kingdom.


Best regards,
  Alfred.

-- 

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  a...@tr-sys.de                     |
+------------------------+--------------------------------------------+

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
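
The placement constraints discussed in this message, as an added example that is not part of the original post or of the draft: a small checker for the rules in the quoted section 2.3 (no DNAME beside a CNAME or a second DNAME, none at the parent side of a delegation point) and for the subordinate-name constraint stated in the quoted reply. The function names and the zone contents are hypothetical, constructed for illustration.

```python
# Added example; zone contents below are constructed for illustration.
def labels(name):
    """Lowercased labels of a domain name, ignoring the trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_subordinate(name, ancestor):
    """True if `name` lies strictly below `ancestor` in the DNS tree."""
    n, a = labels(name), labels(ancestor)
    return len(n) > len(a) and (not a or n[-len(a):] == a)

def check_dname_placement(apex, records):
    """records: (owner, rrtype) pairs of one zone. Returns sorted violations."""
    types = {}
    for owner, rrtype in records:
        types.setdefault(".".join(labels(owner)), []).append(rrtype.upper())
    apex_key = ".".join(labels(apex))
    problems = []
    for owner, t in types.items():
        if "DNAME" not in t:
            continue
        if t.count("DNAME") > 1:
            problems.append(f"{owner}: more than one DNAME at this owner")
        if "CNAME" in t:
            problems.append(f"{owner}: DNAME coexists with CNAME")
        # NS below the apex marks the parent side of a delegation point.
        if "NS" in t and owner != apex_key:
            problems.append(f"{owner}: DNAME at parent side of a delegation")
        for other in types:
            if is_subordinate(other, owner):
                problems.append(f"{other}: name subordinate to DNAME at {owner}")
    return sorted(problems)

# Constructed zone: DNAME at the apex beside SOA, NS and TXT.
APEX_ZONE = [("example.", "SOA"), ("example.", "NS"),
             ("example.", "TXT"), ("example.", "DNAME")]
# Constructed zone that breaks three of the rules.
BAD_ZONE = [("example.", "SOA"), ("example.", "NS"),
            ("sub.example.", "NS"), ("sub.example.", "DNAME"),
            ("alias.example.", "DNAME"), ("alias.example.", "CNAME"),
            ("host.alias.example.", "A")]

if __name__ == "__main__":
    for line in check_dname_placement("example.", BAD_ZONE):
        print(line)
```
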
