On Thu, 27 Dec 2018 at 11:27, John Levine <jo...@taugh.com> wrote:
> Over in bind-users someone suggested a CIDR rDNS kludge in which you
> delegate a bunch of names out of a rDNS zone to a second server,
> and the second server answers them all from one zone, like this
>
> $ORIGIN 1.1.1.in-addr.arpa.
> @ SOA blah
>
> 10 NS otherserver
> 11 NS otherserver
> 12 NS otherserver
>
>
> and on the other server
>
> $ORIGIN 1.1.1.in-addr.arpa.
> @ SOA blah
>
> 10 PTR foo
> 11 PTR bar
> 12 PTR baz
>
> That is, the two zones have the same apex, and NS records point into
> the interior of the second zone, not at the apex. That works in BIND,
> of course, but it seems wrong. I am having trouble tracking down the
> specification of why it is wrong.
>
> Any suggestions? It would fail with DNSSEC since there's no DNSKEY
> to match the delegation DS, but how wrong was it before that?
>
> Signed,
> Confused
>

So, the NS listed in some zone above would be "wrong", i.e. the glue records point to nameservers hosting a zone with these different nameservers? Seems like a resolver being pedantic about glue records might be nonplussed.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
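
An added example, not part of the original thread: a small Python check that flags the condition discussed above, a delegation whose target server has no zone apex (SOA) at the delegated name, which is also where a DNSKEY matching a delegation DS would have to live. The zone text is constructed from the snippets quoted in the message; the function names and the minimal `owner TYPE rdata` parser are assumptions made for illustration.

```python
# Constructed sample data: the two zone snippets quoted in the message above.
PARENT = """\
$ORIGIN 1.1.1.in-addr.arpa.
@ SOA blah
10 NS otherserver
11 NS otherserver
12 NS otherserver
"""
CHILD = """\
$ORIGIN 1.1.1.in-addr.arpa.
@ SOA blah
10 PTR foo
11 PTR bar
12 PTR baz
"""

def parse_zone(text):
    """Parse the minimal 'owner TYPE rdata' form used above into (origin, records)."""
    origin, records = None, []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1].lower()
            continue
        owner, rtype, rdata = fields[0], fields[1].upper(), " ".join(fields[2:])
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner.lower()
        else:
            fqdn = f"{owner.lower()}.{origin}"  # relative name: append the origin
        records.append((fqdn, rtype, rdata))
    return origin, records

def check_delegations(parent_text, child_text):
    """Return (delegated name, status) for every zone cut in the parent zone."""
    p_origin, p_records = parse_zone(parent_text)
    _, c_records = parse_zone(child_text)
    # Names at which the target server actually holds a zone apex.
    child_apexes = {name for name, rtype, _ in c_records if rtype == "SOA"}
    findings = []
    for name, rtype, _ in p_records:
        if rtype != "NS" or name == p_origin:
            continue  # only NS below the apex creates a zone cut
        # "mismatch": the target answers from a zone whose apex is elsewhere,
        # so there is no SOA or apex DNSKEY at the delegated name.
        status = "ok" if name in child_apexes else "mismatch"
        findings.append((name, status))
    return findings
```

Run against the quoted snippets, all three delegated names come back as `mismatch`, because the second server's only apex is `1.1.1.in-addr.arpa.` itself.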