On 2/22/13 2:27 PM, "Warren Kumari" <[email protected]> wrote: > >(If folk feel sufficiently strongly we *could* even strip a label off, so >that the synthesized SOA is not the same as the NXD. *This* feel really >hacks, but putting it out there...)
Uh, definitely not. The whole point is you don't know from where the delegation comes, e.g. at what depth in the label tree. However, there is another UGLY, EVIL way that might achieve what you're thinking of: Instead of delegating to omniscient AS112 servers, what about doing a DNAME to a specific target "foo" (replace "foo" with what you will) in the DNS tree? Then, that location "foo" can be the SOA to use (which does not change regardless of the original question), along with any synthesized NXDOMAIN response. I did say it was evil. :-) Brian P.S. Example case: 10.in-addr.arpa. DNAME as112-leaf.prisoner.iana.org. Imagine the recursive wants an answer for the question: 1.1.1.10.in-addr.arpa. IN PTR Any root provides the above DNAME The local omniscient-112 server sees the question: 1.1.1.as112-leaf.prisoner.iana.org. The local omniscient-112 server gives the following answer: ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41208 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;1.1.1.as112-leaf.prisoner.iana.org. IN PTR ;; AUTHORITY SECTION: as112-leaf.prisoner.iana.org. 604800 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 1 604800 900 604800 604800 ;; Query time: 3 msec ;; SERVER: 192.175.48.6#53(192.175.48.6) ;; WHEN: Fri Feb 22 13:45:36 2013 ;; MSG SIZE rcvd: 116 And the recursive resolver would give the following answer (or something like it) to the client: (The CNAME is synthesized from the question and the DNAME, if I understand the relevant RFCs.) (I'm not sure if the recursive would send the SOA/Authority component) ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41208 ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;1.1.1.as112-leaf.prisoner.iana.org. IN PTR ;; ANSWER SECTION 10.in-addr.arpa. DNAME as112-leaf.prisoner.iana.org. 1.1.1.10.in-addr.arpa. CNAME 1.1.1.as112-leaf.prisoner.iana.org. ;; AUTHORITY SECTION: as112-leaf.prisoner.iana.org. 604800 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 1 604800 900 604800 604800 ;; Query time: 3 msec ;; SERVER: 192.175.48.6#53(192.175.48.6) ;; WHEN: Fri Feb 22 13:45:36 2013 ;; MSG SIZE rcvd: xxxx _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
