To:
Gunnar Lindberg <lindberg@cdg.chalmers.se>
cc:
dnsop@cafax.se, marka@isc.org
From:
marka@isc.org
Date:
Tue, 29 Jun 1999 18:35:21 +1000
In-reply-to:
Your message of "Tue, 29 Jun 1999 09:46:09 +0200." <199906290746.JAA10288@wentzl.cdg.chalmers.se>
Sender:
owner-dnsop@cafax.se
Subject:
Re: Primary also being secondary
> >From owner-dnsop@cafax.se Mon Jun 28 17:23:23 1999 > >From: marka@isc.org > >Message-Id: <199906281521.BAA04760@bsdi.dv.isc.org> > >To: Gunnar Lindberg <lindberg@cdg.chalmers.se> > >cc: dnsop@cafax.se > >Subject: Re: Primary also being secondary > >In-reply-to: Your message of "Mon, 28 Jun 1999 15:11:57 +0200." > >Date: Tue, 29 Jun 1999 01:21:54 +1000 > > > >> ... > >>: hemmet.s-hem.chalmers.se. > >>: IN NS glutus.hemmet.s-hem.chalmers.se.hemmet.s-hem.chalmers.se. > >>: IN NS ns1.chalmers.se.hemmet.s-hem.chalmers.se. > >> ... > > > When you delegate authority you delegate the authority for ALL > > record types (NXT is a special case). The child zone is always > > correct. > > Hm :-). > > Besides: If I delegate a subdomain, one could think *I* am the one to > decide who it's delegated to, i.e. which NS:s should be trusted. No. You delegate responsability to the person who's contact address is listed in the SOA. It is his, not your, responsability to ensure nameservers are configured. Ensuring that the parent zone has the correct NS list by informing you when the NS list changes. Ensure that you learn about changes to glue address records. > > > NOTE: If the rules about which copy of the NS rrset were > > reversed > > you can create the same error by switching the roles around. > > Yes and no. > > Yes, I can screw up the upper zone just like everybody else. > > But, No, when I've screwed up and correct the error, I will increment > the version number and thus the secondary will eventuelly get correct > data. What happened here was that the upper zone's secondary had in- > correct data, stamped with THE SAME VERSION NUMBER as the updated, > correct, data and thus this error could have persited for ever. And if you were to reverse the roles the secondary for the child zone would get the bad data with THE SAME VERSION NUMBER and then be handing it out. > > This may be minor in real life, but I'm anyhow glad to hear than BIND9 > will do it differently. > > Gunnar > Mark -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org