John Levine wrote:
> Over in bind-users someone suggested a CIDR rDNS kludge in which you delegate a bunch of names out of a rDNS zone to a second server, and the second server answers them all from one zone, like this
>
> $ORIGIN 1.1.1.in-addr.arpa.
> @ SOA blah
> 10 NS otherserver
> 11 NS otherserver
> 12 NS otherserver

in RFC 2317 we do this with CNAME not NS. did the proponent explain why CNAME wasn't suitable for her purposes?

> and on the other server
>
> $ORIGIN 1.1.1.in-addr.arpa.
> @ SOA blah
> 10 PTR foo
> 11 PTR bar
> 12 PTR baz
>
> That is, the two zones have the same apex, and NS records point into the interior of the second zone, not at the apex. That works in BIND, of course, but it seems wrong. I am having trouble tracking down the specification of why it is wrong.

if the old domain-obscenity-checker (DoC) which came out with the domain-information-groper (DiG) back in the 1980's says it's wrong, then it's wrong. if the specifications don't cover this case, they are incomplete. or at least, that's how i do things.

> Any suggestions? It would fail with DNSSEC since there's no DNSKEY to match the delegation DS, but how wrong was it before that?
>
> Signed,
> Confused

first i'd have to know what problem caused by CNAME in the outer zone they think they are solving using NS.

--
P Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
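
Added example, not part of the thread or of any poster's code: a small check that reports delegations whose child zone has a different apex than the delegated name (the layout quoted above), next to the parent-zone records an RFC 2317 style CNAME layout would use for the same addresses. The subzone label "10-12" and the helper names are assumptions made for illustration.

```python
# Added illustration; the subzone label "10-12" and helper names are assumptions.

def fqdn(label, origin):
    """Expand a relative owner name against $ORIGIN ("@" means the apex)."""
    return origin if label == "@" else f"{label}.{origin}"

def mismatched_delegations(parent_origin, parent_ns_labels, child_apex):
    """Return delegated names whose child zone apex is a different name.

    A zone cut at name N expects the child server to hold a zone whose apex
    (SOA, and DNSKEY when signed) is N. In the layout quoted in the thread
    the child apex is the parent's own apex, so every cut is reported.
    """
    cuts = [fqdn(label, parent_origin) for label in parent_ns_labels]
    return [cut for cut in cuts if cut.lower() != child_apex.lower()]

def rfc2317_parent_records(hosts, subzone, server):
    """Parent-zone records in the RFC 2317 style: one NS for a subzone
    label, plus one CNAME per address pointing into that subzone."""
    records = [(subzone, "NS", server)]
    records += [(str(h), "CNAME", f"{h}.{subzone}") for h in hosts]
    return records

def rfc2317_child_apex(subzone, origin):
    """Apex of the zone the second server serves in the RFC 2317 layout."""
    return fqdn(subzone, origin)

ORIGIN = "1.1.1.in-addr.arpa."   # from the quoted zone files
HOSTS = [10, 11, 12]             # from the quoted zone files

if __name__ == "__main__":
    # Layout quoted in the thread: both servers use the same apex.
    print(mismatched_delegations(ORIGIN, [str(h) for h in HOSTS], ORIGIN))
    # RFC 2317 style for the same three addresses.
    for owner, rtype, rdata in rfc2317_parent_records(HOSTS, "10-12", "otherserver"):
        print(f"{owner}\t{rtype}\t{rdata}")
    apex = rfc2317_child_apex("10-12", ORIGIN)
    print(mismatched_delegations(ORIGIN, ["10-12"], apex))
```

In the CNAME layout the single cut at 10-12.1.1.1.in-addr.arpa. has a child zone with that same apex, so a DS at the cut has a matching place for the DNSKEY.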