[prev in list] [next in list] [prev in thread] [next in thread] 

List:       namedroppers
Subject:    Re: DNSSEXT Yokohama Minutes
From:       Robert Elz <kre () munnari ! OZ ! AU>
Date:       2002-09-20 11:39:20
[Download RAW message or body]

    Date:        Fri, 20 Sep 2002 10:20:40 +1000
    From:        Mark.Andrews@isc.org
    Message-ID:  <200209200020.g8K0KeB5065232@drugs.dv.isc.org>

  | 	Well I've always read "that wildcards don't survive delegations"
  | 	to mean that wildcards can't apply to delgations as you have
  | 	delegated "foo.example.com" hence the wildcard can't match
  | 	"foo.example.com".

But that would be meaningless, as (at least without wildcard NS records).
If foo.example.com exists, then it is a 

   - When the query name or a name between the wildcard domain and
     the query name is know to exist.
[sic]

We wold know that foo.example.com exists, if we have explicitly delegated
it, obviously, and hence the wildcard could not apply to anything below
foo.example.com (just as it could not if foo.example.com merely had an A
record, it is still a known name, and hence, the wildcard *.example.com
cannot make www.foo.example.com exist).

Hence, what is

   - When the query is in another zone.  That is, delegation cancels
     the wildcard defaults.

actually for?   Here I'm guessing, not stating the intent of the time,
or of the authors.   But it might be interpreted as assuming

	* IN NS xxx

delegates every (unknown) sub-domain.   Then every query to anything
a.b.$ORIGIN would necessarily be to something in another zone, as the
wildcard would delegate b.$ORIGIN (should anyone bother to ask).
Then, the restriction would mean that this delegation cancels the wildcard.
and in particular, www.foo.example.com. would not match the wildcard
in my previous message, but foo.example.com. would be delegated, implicitly,
and hence a referral would be correct behaviour.

I'm not attached to this interpretation in any way, I'm not claiming that
it is the correct one (any better knowledge on why this particular
restriction is there gratefully accepted - even better if backed by some
contemporary evidence, rather than "looking back, it must have meant...)

Mark.Andrews@isc.org said in another message:
| 	I meant the parent server says that a zone "www.foo.example.com"
| 	exists then the child says I serving "foo.example.com" not
| 	"www.foo.example.com". 

Yes, I know, but if the correct interpretation of the wildcard were that
www.foo.example.com was delegated, then I would have made the server for
the child serve that zone.   It was the way it was, only because I was
assuming the interpretation above.

kre


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
[prev in list] [next in list] [prev in thread] [next in thread]