On Fri, Aug 26, 2022 at 07:29:06AM -0400, Ben Schwartz wrote:

> > I also noted an issue around the initial $QNAME having prefix labels (in
> > the case of SVCB rather than HTTPS), and so this is likely not the name
> > you want appended as a fallback to the target list.
> >
> 
> Indeed, I think this is a clarity/precision problem that we should
> correct.  Specifically, this "final value of $QNAME" endpoint is only used
> if it is not the initial value of $QNAME (i.e. if an AliasMode record was
> found).

Yes, and I think this was mostly an editorial omission, it seems unlikely
that this edge case was intentional.  This will I hope be corrected.

> > Similarly, if an AliasMode target has attrleaf labels, RFC1123 seems to
> > preclude publishing A/AAAA records there, making some of the example
> > configurations in the draft impractical.
> 
> I don't agree with this reading of RFC 1123.  There is no requirement that
> address records only be placed on hostnames, and there is no requirement
> that TargetName be a hostname.  If I were making an argument here, it might
> be about compatibility with RFC 8553 (Attrleaf), but hopefully this is
> mostly moot per the above.

Well, the maintainers of BIND don't seem to take this more liberal
interpretation:

    https://bind9.readthedocs.io/en/v9_18_6/reference.html#glossary-of-terms-used

    check-names

        Grammar zone (hint, mirror, primary, secondary, stub):

            check-names ( fail | warn | ignore );

        Grammar options, view:

            check-names ( primary | master | secondary | slave | response )
                        ( fail | warn | ignore ); // may occur multiple times

        Blocks: options, view, zone (hint, mirror, primary, secondary,
        stub)

        Tags: server, query

        Restricts the character set and syntax of certain domain names
        in primary files and/or DNS responses received from the network.

        This option is used to restrict the character set and syntax of
        certain domain names in primary files and/or DNS responses
        received from the network. The default varies according to usage
        area. For type primary zones the default is fail. For type
        secondary zones the default is warn. For answers received from
        the network (response), the default is ignore.

        The rules for legal hostnames and mail domains are derived from
        RFC 952 and RFC 821 as modified by RFC 1123.

  -->   check-names applies to the owner names of A, AAAA, and MX
  -->   records. It also applies to the domain names in the RDATA of NS,
  -->   SOA, MX, and SRV records. It further applies to the RDATA of PTR
  -->   records where the owner name indicates that it is a reverse
  -->   lookup of a hostname (the owner name ends in IN-ADDR.ARPA,
  -->   IP6.ARPA, or IP6.INT).

-- 
    Viktor.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
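
An added example, not part of the original message and not BIND's own code: a simplified Python approximation of the check-names rule quoted above, run over zone data in which an AliasMode SVCB TargetName carries attrleaf labels and has address records published at it. The record tuples and all names are constructed, and hostname syntax is assumed to reduce to the RFC 1123 letter-digit-hyphen label rule; PTR handling and the second name in SOA RDATA are left out.

```python
import re

# RFC 952 label syntax as relaxed by RFC 1123: letters, digits, hyphen;
# no leading or trailing hyphen; 1-63 octets. (Assumed simplification.)
_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Record types whose owner names the quoted check-names text covers.
OWNER_CHECKED = {"A", "AAAA", "MX"}
# Record types whose RDATA domain names it covers (PTR omitted here).
RDATA_CHECKED = {"NS", "SOA", "MX", "SRV"}


def is_hostname(name):
    """True if every label of name is a legal RFC 1123 hostname label."""
    labels = name.rstrip(".").split(".")
    return len(name) <= 255 and all(_LABEL.fullmatch(l) for l in labels)


def check_names(records):
    """Return (owner, rtype, reason) for each record that would be flagged.

    records: iterable of (owner, rtype, target); target is the single
    domain name taken from the RDATA, or None (hypothetical layout).
    """
    findings = []
    for owner, rtype, target in records:
        if rtype in OWNER_CHECKED and not is_hostname(owner):
            findings.append((owner, rtype, "owner name is not a hostname"))
        if rtype in RDATA_CHECKED and target and not is_hostname(target):
            findings.append((owner, rtype, "RDATA name is not a hostname"))
    return findings


# Constructed zone data: an AliasMode SVCB record whose TargetName has an
# attrleaf label, address records at that target, and two control records.
SAMPLE = [
    ("_8443._foo.api.example.com.", "SVCB", "_svc.pool.example.net."),
    ("_svc.pool.example.net.", "A", None),
    ("_svc.pool.example.net.", "AAAA", None),
    ("pool.example.net.", "A", None),
    ("example.net.", "MX", "_mail.example.net."),
]

if __name__ == "__main__":
    for finding in check_names(SAMPLE):
        print(*finding, sep="\t")
```

The SVCB record itself passes because its type is in neither set; only the A and AAAA records at the underscore-labelled target and the MX exchange name are reported, which is the outcome a primary zone with check-names at its default of fail would reject.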
