Hi Benno, all,
I just went over the updated wording in draft-ietf-dnsop-rfc8499bis-05, and the
paragraph
https://www.ietf.org/archive/id/draft-ietf-dnsop-rfc8499bis-05.html#section-7-2.36
caught my attention.
It uses the term "zone origin", but doesn't say whether it relates to the
parent or child zone. I was assuming the child, and it took me a while to make sense of
it (until I noticed that it must mean the parent).
I'd like to suggest clarifying that paragraph. That brings me to your question
below:
On 11/25/22 14:38, Benno Overeinder wrote:
Thank you for your input and your suggestion to come up with a more specific terminology for the
"historical" out-of-bailiwick term. In the definition of in-domain and sibling domain,
you suggest using the 0th and 1st order in the definition? And for out-of-bailiwick use a term
like "2nd+ order nameservers"?
Pretty much. Here is a version of it that's hopefully better to grasp than my
previous post, and has examples.
There are various degrees of relationship between a delegation and its
name servers. The degree depends on where theirdelegation paths from
the root intersect with the delegated zone's delegation path.
To establish the degree of relationship for a given name server, count
how many zone cuts in the delegation path from the root to the zone of
interest are shared by the delegation path of that name server. This is
a measure of unrelatedness between the zone and its name server, called
"degree ofkinship".
If the degree is 0, then the NS hostname is "in-domain". For example,
a delegation for "child.example.com" might have an in-domain name server
called "ns.child.example.com". The name server name has all the zone
cuts from the root that the delegated domain has.
If this number is non-zero, then the delegation path to the name server
name branches off from the zone's delegation path. The "degree of
kinship" tells you how many zone cuts above the zone of interest this
happens. For example, a delegation for "child.example.com" in the
"example.com" zone might have a "sibling domain" name server called
"ns.another.example.com", which does not share the final zonecut of
"child.example.com". The branching is at "example.com", and the degree
of kinship is 1.
An unrelated relationship is one where the degree of kinship is larger
than 1. For example, the delegation for "example.jp" might have an
name server "ns.example.com". The delegation paths alreadydiverge at
the root, 2 zone cuts above "example.jp".
This may be a bit verbose, but I'm sure it can be reduced to four paragraphs,
if needed, that are easier to digest than the four paragraphs the draft
currently has for these definitions.
While writing the above, I again stumbled over the term "unrelated name server". It could
mean all kinds of things, such as a name server that doesn't claim to be authoritative. People
don't always have the definitions at hand, and I think using that term is a risky choice
(especially as "unrelated" is a word from every-day language).
Best,
Peter
PS: Sorry for digging up this old message (and for not responding earlier; I
missed it).
I'd love to hear from other DNSOP participants if there is any support for
Peter or any other suggestions for a good, more specific alternative term for
out-of-bailiwick?
-- Benno
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
--
Like our community service? 💛
Please consider donating at
https://desec.io/
deSEC e.V.
Kyffhäuserstr. 5
10781 Berlin
Germany
Vorstandsvorsitz: Nils Wisiol
Registergericht: AG Berlin (Charlottenburg) VR 37525
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
