On Wed, 8 Nov 2023, Brian Dickson wrote:
> The target for a NOTIFY would necessarily be found in the SOA record of the
> registrant's zone, not the parent's zone. I think that's where the
> confusion has arisen.

There's definitely confusion here but I don't think it's mine.

The child (registrant) puts a CDS record in its zone, and then it wants the parent (registry and/or registrar) to look at it and update the DS in the parent (typically TLD zone) so it needs to notify the parent to tell it to take a look. The child's SOA lists the child's own primary NS, not the parent's, so notifying itself won't help.

Apropos Joe's message, the child could hypothetically try and send the NOTIFY to the parent SOA, e.g. a.gtld-servers.net for .com or .net. But those are clouds of anycast servers and even if you can get that to work, they belong to the registry while the notify needs to go to the registrar so it can update the registry via EPP.

One might wave one's hands frantically and imagine there is some way to do reverse anycast plus magic forwarding to the registrar, but I am not going to go there.

> BTW, this use of registrant's zone's SOA.MNAME supports both the non-hidden
> master/signer, and the hidden master/signer use cases, AFAICT.

This makes no sense at all. Beyond the fact that it's the wrong SOA, the point of a hidden primary is that it's hidden. Putting it in an SOA would spill the beans.

ICANN's CZDS distributes copies of TLD zone files which they fetch via daily AXFR from stealth zone primaries. For a while, they were just dumping the AXFR output into the files including a comment that had the address of the primary. They were very embarrassed when I told them I knew where all the stealth primaries were because they told me, and they promptly edited the comments out. People care that stealth is stealthy.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
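The point being argued above, that a NOTIFY whose target is derived from the child zone's own SOA.MNAME goes to the child's primary and not anywhere near the parent, can be shown on the wire. The following is an added example, not code from the thread or from any IETF draft: it builds an RFC 1996 NOTIFY(SOA) message with the standard library, parses constructed SOA answers for a child zone and its TLD parent, and reads back the MNAME. The zone names, MNAME/RNAME values and serials are constructed sample data (a.gtld-servers.net is the real .com/.net primary named in the mail; the rest are placeholders).

```python
"""RFC 1996 NOTIFY builder plus SOA.MNAME extraction (added example, stdlib only)."""
import struct

OPCODE_NOTIFY = 4   # RFC 1996 section 3.1
TYPE_SOA = 6
CLASS_IN = 1
FLAG_QR = 0x8000
FLAG_AA = 0x0400


def encode_name(name: str) -> bytes:
    """Encode a dotted name as RFC 1035 labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, off: int):
    """Return (name, offset after the name); follows RFC 1035 4.1.4 pointers."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("pointer loop")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def build_notify(zone: str, msg_id: int = 0x1234) -> bytes:
    """NOTIFY: opcode 4, AA set, one question <zone, SOA, IN>, no RRs."""
    flags = (OPCODE_NOTIFY << 11) | FLAG_AA
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)


def parse_notify(msg: bytes) -> dict:
    """Decode the header and question of a NOTIFY so a receiver can check it."""
    msg_id, flags, *_ = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {"id": msg_id, "opcode": (flags >> 11) & 0xF,
            "aa": bool(flags & FLAG_AA), "qname": qname, "qtype": qtype}


def build_soa_answer(zone: str, mname: str, rname: str, serial: int = 1) -> bytes:
    """Constructed authoritative SOA reply; the RR owner is a pointer to the qname."""
    header = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_AA, 1, 1, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = (encode_name(mname) + encode_name(rname)
             + struct.pack("!IIIII", serial, 7200, 900, 1209600, 86400))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SOA, CLASS_IN, 3600, len(rdata)) + rdata
    return header + question + rr


def soa_mname(msg: bytes):
    """Walk question and answer sections; return MNAME of the first SOA RR."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_SOA:
            return decode_name(msg, off)[0]
        off += rdlen
    return None


# Constructed sample answers: the child's SOA names the child's own primary.
CHILD_SOA = build_soa_answer("example.com.", "ns1.example.com.",
                             "hostmaster.example.com.", 2023110801)
PARENT_SOA = build_soa_answer("com.", "a.gtld-servers.net.",
                              "nstld.verisign-grs.com.", 1699400000)

if __name__ == "__main__":
    print("child  MNAME:", soa_mname(CHILD_SOA))   # ns1.example.com.
    print("parent MNAME:", soa_mname(PARENT_SOA))  # a.gtld-servers.net.
    print(parse_notify(build_notify("example.com.")))
```

Run as-is it prints the two MNAMEs side by side: whatever a child-side signer puts in its own SOA is a host under the child's control, so a NOTIFY aimed there announces the CDS change to the child itself. Reaching the parent's MNAME would mean the parent's SOA, which names the registry's anycast servers and not the registrar that has to issue the EPP update.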
