Hello, I would like early feedback about the following idea about the interaction between DNS updates (RFC 2136) and classless IN-ADDR.ARPA delegation (RFC 2317).

In short, RFC 2317 tells me to fill the reverse zone with CNAMEs pointing to (potentially) some other zone. At the same time, an attempt to add a PTR record to a node already containing a CNAME will fail, possibly without reporting an error to the requester. AFAIK BIND 9.9 just prints an error to the log but returns NOERROR to the client.

As a result, RFC 2317 breaks dynamic updates for classless reverse zones.

I'm going to sketch a -00 draft which will attempt to address this by client-side canonicalization: the client should attempt to resolve the whole chain of CNAME/DNAMEs from 1.2.0.192.in-addr.arpa down to the terminal node and update the terminal node instead of the original name.

The most interesting part of the text will be 'Security Considerations' (considering signed updates).

I would welcome early feedback about the idea even before the -00 is published.

Thank you very much!

-- 
Petr Spacek @ Red Hat

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
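The client-side canonicalization step sketched in the message above, written out as an added example (not code from the author or from any draft): starting at the reverse name for an address, follow CNAME redirections on the exact owner and DNAME redirections on an ancestor (suffix rewrite) until a node with neither is reached, then build the PTR update against that terminal owner. The record table and the names under rev.example.net are constructed stand-ins for what a resolver would return; the hop limit and loop detection are there because a chain from a zone one does not control can be circular or unbounded, which a client must reject rather than retry forever.

```python
"""Canonicalize a reverse name across CNAME/DNAME chains before a DNS UPDATE.

Constructed example; the record table below stands in for resolver answers.
"""

# Constructed records: owner name (lowercase, no trailing dot) -> (type, target).
SAMPLE_RECORDS = {
    # RFC 2317 style: the /24 reverse zone points each address at the /25 zone.
    "1.2.0.192.in-addr.arpa": ("CNAME", "1.0-25.2.0.192.in-addr.arpa"),
    # The classless zone redirects its whole subtree elsewhere with a DNAME.
    "0-25.2.0.192.in-addr.arpa": ("DNAME", "rev.example.net"),
    # A CNAME loop, to exercise the guard.
    "5.2.0.192.in-addr.arpa": ("CNAME", "6.2.0.192.in-addr.arpa"),
    "6.2.0.192.in-addr.arpa": ("CNAME", "5.2.0.192.in-addr.arpa"),
}

MAX_HOPS = 16  # assumed client-side cap on redirections to follow


def _norm(name):
    return name.lower().rstrip(".")


def lookup_redirection(name, records=SAMPLE_RECORDS):
    """Return ("CNAME"|"DNAME", rewritten_name) applying to `name`, or None.

    A CNAME redirects only its exact owner. A DNAME redirects strict
    subdomains of its owner by replacing the owner suffix with the target
    (RFC 6672); the closest ancestor wins.
    """
    name = _norm(name)
    rr = records.get(name)
    if rr and rr[0] == "CNAME":
        return ("CNAME", _norm(rr[1]))
    labels = name.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        rr = records.get(ancestor)
        if rr and rr[0] == "DNAME":
            prefix = ".".join(labels[:i])
            return ("DNAME", prefix + "." + _norm(rr[1]))
    return None


def canonicalize(name, records=SAMPLE_RECORDS, max_hops=MAX_HOPS):
    """Follow CNAME/DNAME redirections from `name` to the terminal node.

    Raises ValueError on a loop or on a chain longer than `max_hops`.
    """
    seen = set()
    current = _norm(name)
    for _ in range(max_hops):
        if current in seen:
            raise ValueError("CNAME/DNAME loop at " + current)
        seen.add(current)
        rr = lookup_redirection(current, records)
        if rr is None:
            return current  # terminal node: no CNAME here, no DNAME above
        current = rr[1]
    raise ValueError("redirection chain exceeds %d hops" % max_hops)


def reverse_name(ipv4):
    """Map a dotted-quad IPv4 address to its in-addr.arpa owner name."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"


def plan_ptr_update(ipv4, hostname, records=SAMPLE_RECORDS):
    """Describe the PTR update to send: owner is the canonicalized terminal node.

    Returns {"ok": True, "owner", "type", "rdata"} or {"ok": False, "error"}.
    """
    try:
        owner = canonicalize(reverse_name(ipv4), records)
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}
    return {"ok": True, "owner": owner, "type": "PTR",
            "rdata": _norm(hostname) + "."}


if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.9", "192.0.2.5"):
        print(ip, "->", plan_ptr_update(ip, "host.example.net"))
```

Run as a script it prints the planned update for three constructed addresses: 192.0.2.1 lands on 1.rev.example.net after one CNAME and one DNAME hop, 192.0.2.9 has no redirection and is updated in place, and 192.0.2.5 is refused because its chain loops. Against a live server the `SAMPLE_RECORDS` lookups would be replaced by CNAME/DNAME queries, and the resulting owner name decides which zone (and therefore which update key and policy) the UPDATE must be sent to.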
