In message <[email protected]>, Petr Spacek writes:
> Hello,
>
> I would like early feedback about following idea about interaction between DNS
> updates (RFC 2136) and classless IN-ADDR.ARPA delegation (RFC 2317).
>
> In short, the RFC 2317 tells me to fill reverse zone with CNAMEs pointing to
> (potentially) some other zone.
>
> At the same time, an attempt to add a PTR record to a node already containing
> CNAME will fail, possibly without reporting an error to the requester. AFAIK
> BIND 9.9 just prints an error to log but returns NOERROR to the client.
>
> As a result, RFC 2317 breaks dynamic updates for classless reverse zones.

No, it doesn't. Add an appropriate prerequisite and you will get an error.

	nxrrset owner cname
	add owner ptr hostname

A naive client won't work but RFC 2317 has been around for decades
now so cnames should be handled.

> I'm going to sketch -00 draft which will attempt to address this by
> client-side canonization:
>
> The client should attempt to resolve whole chain of CNAME/DNAMEs from
> 1.2.0.192.in-addr.arpa down to terminal node and update the terminal node
> instead of the original name.

You will get that as a side effect of working out where the zone
cut points are. <soa,4.3.2.1.in-addr.arpa> will get back the cname
chain (if any) and the appropriate zone soa if rfc2308 is supported
either in the answer section or in the authority section.

> Most interesting part of the text will be 'Security Considerations'
> (considering signed updates).
>
> I would welcome early feedback about the idea even before the -00 is published.

This shouldn't require an RFC as it is just applying existing RFCs but
if it was to recommend that all nodes attempt to add PTR records
for themselves and described handling RFC 2317 as a scenario it would
be more useful. Similarly handling DNAME.

> Thank you very much!
>
> --
> Petr Spacek @ Red Hat
>
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
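
The client-side handling discussed in this thread, as an added example that is not part of either message: follow the CNAME chain to its terminal node, then emit nsupdate commands that carry the nxrrset CNAME prerequisite so a conflict produces an error instead of a silent NOERROR. The record table, function names and TTL are assumptions constructed for illustration; DNAME handling is left out.

```python
# Constructed sample data: owner name -> CNAME target, standing in for what a
# resolver would return for an RFC 2317 style delegation of 192.0.2.0/25.
CNAMES = {
    "1.2.0.192.in-addr.arpa.": "1.0/25.2.0.192.in-addr.arpa.",
    "9.2.0.192.in-addr.arpa.": "loop-a.example.",   # constructed loop
    "loop-a.example.": "9.2.0.192.in-addr.arpa.",
}

def canon(name):
    """Lower-case the name and make it absolute so comparisons are stable."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def terminal_node(name, cnames=CNAMES, max_hops=8):
    """Follow the CNAME chain from name; return (terminal, chain)."""
    chain = [canon(name)]
    while chain[-1] in cnames:
        nxt = canon(cnames[chain[-1]])
        # Refuse loops and over-long chains instead of updating a guessed name.
        if nxt in chain or len(chain) > max_hops:
            raise ValueError("CNAME loop or chain too long: "
                             + " -> ".join(chain + [nxt]))
        chain.append(nxt)
    return chain[-1], chain

def ptr_update_script(reverse_name, hostname, ttl=3600, cnames=CNAMES):
    """Build nsupdate input that adds the PTR at the terminal node.

    The prerequisite makes the server reject the update if a CNAME has
    appeared at the target since the chain was resolved.
    """
    target, _ = terminal_node(reverse_name, cnames)
    return "\n".join([
        f"prereq nxrrset {target} CNAME",
        f"update add {target} {ttl} PTR {canon(hostname)}",
        "send",
    ])

if __name__ == "__main__":
    print(ptr_update_script("1.2.0.192.in-addr.arpa", "host1.example.com"))
```

The chain may end in a zone other than the one the client started in, so the update has to be sent to (and authorized by) the server for the terminal node's zone.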
