On Wed, 8 Nov 2023, Brian Dickson wrote:
> The target for a NOTIFY would necessarily be found in the SOA record of the
> registrant's zone, not the parent's zone. I think that's where the
> confusion has arisen.

There's definitely confusion here but I don't think it's mine.
The child (registrant) puts a CDS record in its zone, and then it wants
the parent (registry and/or registrar) to look at it and update the DS in
the parent (typically TLD zone) so it needs to notify the parent to tell
it to take a look. The child's SOA lists the child's own primary NS, not
the parent's, so notifying itself won't help.
Apropos Joe's message, the child could hypothetically try and send the
NOTIFY to the parent SOA, e.g. a.gtld-servers.net for .com or .net. But
those are clouds of anycast servers and even if you can get that to work,
they belong to the registry while the notify needs to go to the registrar
so it can update the registry via EPP.
One might wave one's hands frantically and imagine there is some way to do
reverse anycast plus magic forwarding to the registrar, but I am not going
to go there.

> BTW, this use of registrant's zone's SOA.MNAME supports both the non-hidden
> master/signer, and the hidden master/signer use cases, AFAICT.

This makes no sense at all. Beyond the fact that it's the wrong SOA, the
point of a hidden primary is that it's hidden. Putting it in an SOA would
spill the beans.
ICANN's CZDS distributes copies of TLD zone files which they fetch via
daily AXFR from stealth zone primaries. For a while, they were just
dumping the AXFR output into the files including a comment that had the
address of the primary. They were very embarrassed when I told them I knew
where all the stealth primaries were because they told me, and they
promptly edited the comments out. People care that stealth is stealthy.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly