On 8 feb. 2016, at 11:00, Ralf Weber <[email protected]> wrote:

> I would soften some of the language and have a question.
>
> 5.1. There are use cases where the serial number rarely if ever is the same
> on all servers and it's only really used inside communication for a given
> domain and not during resolution. So the only people who know if a divergent
> serial number is a problem are the domain owners. So we shouldn't tell the
> public that this is a problem. I would say that a different SOA serial number
> could be seen as an indicator of an inconsistent setup, but that further
> analysis is required to really conclude that.

(now https://github.com/CENTRccTLDs/TRTF/issues/64)

I agree, we should write something along that line.

> 6.2 The name servers SHOULD NOT belong to the same AS
> I would drop that requirement altogether or make it a MAY. We really should
> not tell people how to build networks from the DNS world.

I would agree, but on the other hand it's apparent that a lot still make really bad choices, such as putting all of their authoritative name servers on a single LAN or site. There are exceptions for the "belong to same AS", can we perhaps try to state those?

> 8.7 We should point out here that neither an MX nor an A record are required
> at the zone apex or do you want either of them mandatory?

This depends on the parent zone policy. IMHO, any requirement for a domain to accept email is moot, but there are still TLDs that require this I understand.

> On the SOA settings I do have a question. Would the following SOA be
> legitimate according to this draft?
> localhost. root.localhost. 1115106304 16384 2048 1048576 2560
> If not why not, as my spot checking didn't find anything that made it invalid.

Yes, but it looks funky. Can we do better by accepting reserved names (such as localhost., example.com)?

jakob

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
