In message <prayer.1.3.5.1312091441040.15...@hermes-2.csi.cam.ac.uk>, Chris Tho mpson writes: > On Dec 7 2013, Joe Abley wrote: > > >On 2013-12-05, at 07:15, Chris Thompson <c...@cam.ac.uk> wrote: > [...] > >> How would such DNAMEs interact with use of BIND's "root-delegation-only" > >> (or equivalents, if any, in other software)? Do we have any idea how > >> widespread use of that option is? > > > >I don't recall there ever being a time when the default behaviour of BIND9 > >was to insist on delegation-only behaviour from the *root* zone. As I > >remember those fun and exciting, lawyer-infested times the delegation-only > >behaviour was applied to all TLD zones, except those that were specified > >as needing to be otherwise. > > Well the BIND9 ARM says > > | root-delegation-only > | > | Turn on enforcement of delegation-only in TLDs (top level domains) > | and root zones with an optional exclude list. > > so I presume it *is* meant to apply to the root zone. In the absence > of an offending RR in the real root zone, I suppose I would have to > set up a configuration with a fake root to confirm that. > > root-delegation-only has never been a distribution BIND default, and > the words about it in the ARM should be enough to put anyone reading > them off the idea, Could it be in packaged configurations, though? > Or just in private configurations dating from the 10-years-ago > "*.com" wildcard era and not modified since?
And if they have it and then some lookups will fail until they fix their configuration. You can say similar things about running old servers which have bugs in DNAME handling. One can play "what if" games all day. > -- > Chris Thompson University of Cambridge Computing Service, > Email: c...@ucs.cam.ac.uk Roger Needham Building, 7 JJ Thomson Avenue, > Phone: +44 1223 334715 Cambridge CB3 0RB, United Kingdom. > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
