On Friday, 17 April 2020 19:48:48 UTC Olafur Gudmundsson wrote:
> > On Jan 22, 2020, at 11:16 PM, Paul Vixie <p...@redbarn.org> wrote:
> >
> > ...
> >
> > historians please note: we should have put the DS RRset at
> > $child._dnssec.$parent, so that there was no exception to the rule
> > whereby the delegation point belongs to the child. this was an unforced
> > error; we were just careless. so, example._dnssec.com rather than
> > example.com.
>
> Paul,
> If start talking about history and looking back with hindsight
>
> IMHO the second biggest mistake in DNS design was to have the same type in
> both parent and child zone If RFC1035 had specified DEL record in parent
> and NS in child or the other way around it would have been obvious to
> specify a range of records that were parent only (just like meta records)
> thus all resolvers from the get go would have known that types in that
> range only reside at the parent. ……
> If we had the DEL record then that could also have provided the glue hints
> and no need for additional processing,
>
> You may recall that in 1995 when you and I were trying to formalize for
> DNSSEC what the exact semantics of NS record were, then you and Paul
> Mockapetris came up with “Parent is authoritative for the existence of NS
> record, Child is authoritative for the contents”
>
> Just in case you are wondering what was the biggest mistake that is QR bit,
> recursion should have been on a different port than Authoritative.
>
> But this is all hindsight based on 30 years of coding and operational
> difficulties.
>
> Regards,
> Ólafur

other than that i think you meant the RD bit, and that you're reminding me
(indirectly) of all the times i should have been smarter or more polite or
both, i am +1 to your comments above.

--
Paul
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations