

To: Mark.Andrews@nominum.com
Cc: dnsop@cafax.se
From: Nathan Jones <nathanj@optimo.com.au>
Date: Wed, 7 Feb 2001 14:11:16 +1100
In-Reply-To: <200102062254.f16MsZN94314@drugs.dv.isc.org>; from Mark.Andrews@nominum.com on Wed, Feb 07, 2001 at 09:54:35AM +1100
Sender: owner-dnsop@cafax.se
Subject: Re: Bogus nic.fr behavior

On Wed, Feb 07, 2001 at 09:54:35AM +1100, Mark.Andrews@nominum.com wrote:
> kre wrote:

>> Allowing configurations where the new servers list the old servers just
>> begs for the new servers to do that, without the old servers ever having
>> any idea it is happening - which is a genuine recipe for making a
>> gigantic mess.
>
>	Subset.
>
>	Parent old  Child old
>		new servers commissioned
>	Parent old  Child old + new
>		inform parent
>	Parent new  Child old + new
>	Parent new  Child new
>		ttls expired, old servers de-commissioned

How does the parent know that the child will remove the old NS records
from the RRset after delegation? As Robert alluded to in his final
paragraph, the new servers might just leave old servers listed, even
though the old servers are no longer serving the zone.

Forcing the -new- servers to have the -new- records seems natural to
me. Sure there will be a brief period where the parent's RRset does
not match the new child's RRset, but the same situation exists in your
subset example.

>	Forced match.
>
>	Parent old  Child old
>		new servers commissioned
>	Parent old  Child old + new
>		inform parent
>	Parent old + new   Child old + new
>	Parent old + new   Child new
>		inform parent
>	Parent new   Child new
>		ttls expired, old servers de-commissioned

Forced match doesn't mean you have to delegate twice; you simply
delegate to new servers with new records, rather than both new and old
records. Like your final example, actually, but I don't see that it
breaks the zone any more than your subset example:

>	I am not saying
>
>	Parent old  Child old
>		new servers commissioned
>	Parent old  Child new	*** broken zone ***
>		inform parent
>	Parent new  Child new
>		ttls expired, old servers de-commissioned

When you say "parent old  child new" are you referring to the old
servers or the new servers? There are two variations:

1. Parent has old NS RRset. Old server has old NS RRset. New server
   has new NS RRset. Then the zone is redelegated from old to new.
   How is this broken? The NS RRset held by the parent always matches
   the RRset held by the child those NS records point to.

2. Parent has old NS RRset. Both old and new servers have new NS
   RRset. (Say, if the old servers are set up to secondary the new
   servers.) Then the zone is redelegated from old to new.
   Sure, there is a brief period where the parent's RRset doesn't
   match the old servers' RRset, but at least queries will be answered
   with new data.

--
nathanj
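
The delegation states argued over in this thread can be checked mechanically. The sketch below is an added example, not part of the original message: it compares the parent's NS RRset with the RRset held by each server the parent points to, under a "match" and a "subset" policy. The server names, zone states and function names are all constructed for illustration.

```python
# Added illustration; server names and zone states are constructed.
OLD = frozenset({"ns1.old.example.", "ns2.old.example."})
NEW = frozenset({"ns1.new.example.", "ns2.new.example."})

def relation(parent, child):
    """Compare the parent's NS RRset with the RRset one child server holds."""
    if parent == child:
        return "match"
    if parent < child:
        return "parent-subset"
    return "mismatch"

def check(parent, served):
    """served: server name -> NS RRset that server answers with.
    Only servers the parent delegates to are consulted."""
    return {ns: relation(parent, served[ns]) if ns in served else "lame"
            for ns in sorted(parent)}

def passes(parent, served, policy):
    ok = {"match"} if policy == "match" else {"match", "parent-subset"}
    return all(r in ok for r in check(parent, served).values())

def stale_in_child(parent, served):
    """Names a delegated server still lists although nothing serves the zone there."""
    listed = set().union(*(served[ns] for ns in parent if ns in served))
    return sorted(listed - set(served))

def all_hold(servers, rrset):
    return {ns: rrset for ns in servers}

# Quoted "subset" sequence, second state: parent old, child old + new.
subset_step2 = (OLD, all_hold(OLD | NEW, OLD | NEW))
# Variation 1: old servers hold the old RRset, new servers hold the new one.
var1_before = (OLD, {**all_hold(OLD, OLD), **all_hold(NEW, NEW)})
var1_after = (NEW, {**all_hold(OLD, OLD), **all_hold(NEW, NEW)})
# Variation 2: old servers secondary the new ones, so both hold the new RRset.
var2_before = (OLD, all_hold(OLD | NEW, NEW))
# The concern about subset: new servers keep listing decommissioned old ones.
leftover = (NEW, all_hold(NEW, OLD | NEW))

if __name__ == "__main__":
    cases = [("subset step 2", subset_step2), ("variation 1 before", var1_before),
             ("variation 1 after", var1_after), ("variation 2 before", var2_before),
             ("leftover old NS", leftover)]
    for name, (p, s) in cases:
        print(name, passes(p, s, "match"), passes(p, s, "subset"), stale_in_child(p, s))
```

In the `leftover` case the subset policy passes even though the child still lists servers that no longer serve the zone; only the match policy or the stale-name check flags it.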
