in the root (add DNSSEC to taste):
...
evil. NS ns1.evilsrv.wtf.
evil. NS ns2.evilsrv.wtf.
Does not work for the use case of draft-bortzmeyer-dname-root since
you cannot delegate new names to the old AS 112 (see RFC 7535 for the
rationale).
Hi, Stephane. Not to belabor the obvious, but this does not delegate new
names to the old AS112, it delegates them to real servers which use a
DNAME to AS112, and it will work fine, so there is no need to put DNAMEs
in the root zone. I have read RFC7535, and I have also read RFCs 6672 and
1035 and written a few small DNS servers so I am reasonably sure that I
understand how delegation and DNAMEs work.
To make it easier to understand, imagine that instead of
ns[12].evilsrv.wtf I said [abc].iana-servers.net.
Once again, in the root (add DNSSEC to taste):
...
evil. NS a.iana-servers.net.
evil. NS b.iana-servers.net.
evil. NS c.iana-servers.net.
...
New tiny zone on [abc].iana-servers.net:
evil. SOA whatever
evil. NS a.iana-servers.net.
evil. NS b.iana-servers.net.
evil. NS c.iana-servers.net.
evil. DNAME empty.as112.arpa.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
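
The following is an added example, not part of the original message: it applies the RFC 6672 DNAME substitution rule to the tiny zone above, showing what a resolver gets for names under evil. The function names and sample query names are constructed for illustration.

```python
# Added illustration: RFC 6672 DNAME substitution, using the owner and
# target from the tiny zone in the message (evil. DNAME empty.as112.arpa.).
MAX_NAME_WIRE = 255  # RFC 1035 limit on a domain name in wire format

def labels(name):
    """Split an absolute name such as 'www.evil.' into lowercase labels."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def wire_len(lbls):
    # One length octet per label plus its bytes, plus the root octet.
    return sum(1 + len(l) for l in lbls) + 1

def dname_substitute(qname, owner, target):
    """Return (status, name) for a query handled by a DNAME at `owner`.

    NOMATCH  - qname is not strictly below owner; the owner name itself
               is not redirected, so its SOA and NS records still answer.
    YXDOMAIN - the substituted name would exceed 255 octets.
    CNAME    - name is the target of the synthesized CNAME.
    """
    q, o, t = labels(qname), labels(owner), labels(target)
    split = len(q) - len(o)
    if split <= 0 or q[split:] != o:
        return ("NOMATCH", None)
    new = q[:split] + t          # swap the owner suffix for the target
    if wire_len(new) > MAX_NAME_WIRE:
        return ("YXDOMAIN", None)
    return ("CNAME", ".".join(new) + ".")

def demo():
    owner, target = "evil.", "empty.as112.arpa."
    # Constructed sample queries, not taken from the thread.
    samples = ["www.evil.", "a.b.evil.", "evil.", "notevil.",
               ".".join(["x" * 60] * 4) + ".evil."]
    return [(q, dname_substitute(q, owner, target)) for q in samples]

if __name__ == "__main__":
    for qname, result in demo():
        print(qname[:40], "->", result)
```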