To:
Jaap Akkerhuis <jaap@sidn.nl>, Ed Lewis <lewis@tislabs.com>, Scott Hollenbeck <shollenb@netsol.com>
cc:
ietf-provreg@cafax.se
From:
Patrik Fältström <paf@cisco.com>
Date:
Mon, 02 Jul 2001 10:37:29 -0700
Content-Disposition:
inline
Sender:
owner-ietf-provreg@cafax.se
Subject:
draft-ietf-provreg-grrp-reqs-02.txt
The IESG have discussed the document draft-ietf-provreg-grrp-reqs-02.txt.
Summary:
The IESG find some issues regarding (1) the use of the term "TLD", (2) the
restrictions on use of NS and glue in zones and (3) the use of the term MAY
in the document.
Conclusion: A new document is needed after these issues are resolved. We
advice the wg/author to resolv issue (2) in close cooperation with the
DNSEXT and DNSOP wg's.
When a new version of the document is announced, please let me and rest of
IESG know explicitly.
In more detail:
(1) Use of the term TLD
In the following sections...
1.1 (Definition of Registry)
2.1 System Perspective
2.2 System Functions
2.4 Assumptions
3.4.2 [5] (Where NS is registered)
8.2 Operational Requirements [1] (Whether human intervention
is needed or not)
...the document talk about about "TLD", when the registry function you
describe have nothing to do with whether we talk about a registry for a TLD
or any other domain further down in the tree. I know this have been brought
this up before on the mailing list, but we need to talk about it again.
You should remove the explicit notion of TLD and replace with other
wordings.
(2) Restrictions on glue and NS
In section 3.4.2 you have the following text:
[3] The protocol MUST provide services to register name servers. Name
server registration MUST NOT be limited to a specific period of time.
Name servers MUST be registered with a valid IPv4 or IPv6 address when
a "glue record" is REQUIRED for domain delegation. A name server MAY
be registered with multiple IP addresses. An IP address MAY be shared
among multiple name servers using distinct server names.
:
[5] Name servers associated with a domain MAY be registered in a
different domain or even in a TLD for which the registry is not
authoritative. This means that IP addresses for name servers whose
domain name exists in another TLD MUST be registered only in the
registry that is authoritative for the TLD of the name server. Glue
records (DNS "A" records) MUST only be created for DNS "NS" records
for which the registry is authoritative.
Note that [3] talk about "NS is registered when a Glue is needed". [5] on
the other hand say that glue is only to be added when the NS is in a domain
for which the registry is authoritative.
Now, we can have the following theoretical setup:
In the registry for the foo TLD:
frotz.foo. IN NS ns.fizzle.bar.
In the registry for the bar TLD:
fizzle.bar. IN NS ns.frotz.foo.
[3] above say that glue must be added somewhere (it has to), but [5] say
that the glue can not be added to either of the zones. Everyone knows that
one should only add in a case which [5] describe, BUT also whenever one
find that a glue is needed (theoretical case above).
The IESG want the provreg wg to in close discussions with the DNSEXT and
DNSOP wg's resolve what the text and requirements should be. Should it be
described what can be done with DNS (theoretical example above), or should
we be more restrictive (all the way to "only one nameserver name per host
is allowed") to limit the amount of misconfigured nameservers out there?
(3) The use of the term MAY in this document
The IESG feel that the term MAY is describing the application which uses
this protocol and not the protocol itself, and therefore the term is used
in the wrong way. Example, if as it says a domain MAY have two nameservers
or more, then the protocol MUST be able to handle that case.
We ask you to go through all use of uppercase MUST/MAY etc in the document
and change so the uppercase words are really used for the protocol. If the
application / functionality is described, lowercase words should be used
(and the fact it describes the application should be more explicit).
Patrik