To:
ngtrans@sunroof.eng.sun.com, namedroppers@ops.ietf.org, ipng@sunroof.eng.sun.com, dnsop@cafax.se
From:
"D. J. Bernstein" <djb@cr.yp.to>
Date:
2 Aug 2001 12:37:50 -0000
Automatic-Legal-Notices:
Copyright 2001, D. J. Bernstein. My transmission of this message to you does not constitute a copyright waiver or any other limitation of my rights, even if you have told me otherwise.
Content-Disposition:
inline
Subject:
Re: Joint DNSEXT & NGTRANS agenda
Robert Elz writes: > This is just standard glue processing (the way it is supposed to be > done anyway). That's not what the DNS standards say. RFC 1034 states quite clearly that glue is necessary only for in-bailiwick names. RFC 1537 says the same thing, and specifically recommends against glue for out-of-bailiwick names. So does RFC 1912. So does the c.p.t-i.d FAQ: ``Adding [out-of-bailiwick glue] is a very bad idea.'' Of course, BIND has thrown away out-of-bailiwick glue for years. You claim that discrimination against out-of-bailiwick glue poses ``a problem that can't easily be fixed.'' That's absurd. The fix is trivial: use in-bailiwick names. What's important---what avoids the reliability problems---is to have all the information available on the server. This is why I tell my users to select in-bailiwick names (the server _must_ collect the address in this case) and to avoid CNAME records. It's also why I oppose A6 and DNAME. > What your web page said was ... > Even if the address is provided, the cache won't accept it > because .net addresses are not within the bailiwick of a .com server; > this is the standard protection against poison. You are taking this out of context. The crucial point is that the address is _not_ provided. The next paragraph on my web page explains this in more detail. > | The client avoids the extra lookups and the possibility of loops. > And instead, the server does the extra lookups, and gets the possibility > of loops? Wrong. Server-side indirection never causes loops. You would understand this if you read my web page: http://cr.yp.to/djbdns/killa6.html ---Dan