To: Jaap Akkerhuis <jaap@sidn.nl>, Ed Lewis <lewis@tislabs.com>, Scott Hollenbeck <shollenb@netsol.com>
cc: ietf-provreg@cafax.se
From: Patrik Fältström <paf@cisco.com>
Date: Mon, 02 Jul 2001 10:37:29 -0700
Content-Disposition: inline
Sender: owner-ietf-provreg@cafax.se
Subject: draft-ietf-provreg-grrp-reqs-02.txt

The IESG have discussed the document draft-ietf-provreg-grrp-reqs-02.txt.

Summary:

The IESG find some issues regarding (1) the use of the term "TLD", (2) the restrictions on use of NS and glue in zones and (3) the use of the term MAY in the document.

Conclusion:

A new document is needed after these issues are resolved. We advise the wg/author to resolve issue (2) in close cooperation with the DNSEXT and DNSOP wg's.

When a new version of the document is announced, please let me and rest of IESG know explicitly.

In more detail:

(1) Use of the term TLD

In the following sections...

   1.1 (Definition of Registry)
   2.1 System Perspective
   2.2 System Functions
   2.4 Assumptions
   3.4.2 [5] (Where NS is registered)
   8.2 Operational Requirements [1] (Whether human intervention is needed or not)

...the document talks about "TLD", when the registry function you describe has nothing to do with whether we talk about a registry for a TLD or any other domain further down in the tree. I know this has been brought up before on the mailing list, but we need to talk about it again.

You should remove the explicit notion of TLD and replace with other wordings.

(2) Restrictions on glue and NS

In section 3.4.2 you have the following text:

   [3] The protocol MUST provide services to register name servers. Name server registration MUST NOT be limited to a specific period of time. Name servers MUST be registered with a valid IPv4 or IPv6 address when a "glue record" is REQUIRED for domain delegation. A name server MAY be registered with multiple IP addresses. An IP address MAY be shared among multiple name servers using distinct server names.
   :
   [5] Name servers associated with a domain MAY be registered in a different domain or even in a TLD for which the registry is not authoritative. This means that IP addresses for name servers whose domain name exists in another TLD MUST be registered only in the registry that is authoritative for the TLD of the name server. Glue records (DNS "A" records) MUST only be created for DNS "NS" records for which the registry is authoritative.

Note that [3] talks about "NS is registered when a Glue is needed". [5] on the other hand says that glue is only to be added when the NS is in a domain for which the registry is authoritative.

Now, we can have the following theoretical setup:

In the registry for the foo TLD:

   frotz.foo. IN NS ns.fizzle.bar.

In the registry for the bar TLD:

   fizzle.bar. IN NS ns.frotz.foo.

[3] above says that glue must be added somewhere (it has to), but [5] says that the glue cannot be added to either of the zones.

Everyone knows that one should only add in a case which [5] describes, BUT also whenever one finds that a glue is needed (theoretical case above).

The IESG want the provreg wg to, in close discussions with the DNSEXT and DNSOP wg's, resolve what the text and requirements should be. Should it be described what can be done with DNS (theoretical example above), or should we be more restrictive (all the way to "only one nameserver name per host is allowed") to limit the amount of misconfigured nameservers out there?

(3) The use of the term MAY in this document

The IESG feel that the term MAY is describing the application which uses this protocol and not the protocol itself, and therefore the term is used in the wrong way. Example: if, as it says, a domain MAY have two nameservers or more, then the protocol MUST be able to handle that case.

We ask you to go through all uses of uppercase MUST/MAY etc. in the document and change them so the uppercase words are really used for the protocol. If the application / functionality is described, lowercase words should be used (and the fact it describes the application should be more explicit).

Patrik
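
The cross-registry setup in item (2), worked through as an added example that is not part of the original message or of the draft. It reads requirement [5] as "an address is held only for name servers named under the registry's own TLD" and assumes that address is always published; the function names, the `extra_glue` parameter and the `ok.foo.` / `dep.bar.` entries are constructed for illustration.

```python
# Added illustration; zone names are the constructed setup from the message.
DELEGATIONS = {
    "frotz.foo.": ["ns.fizzle.bar."],   # foo registry
    "fizzle.bar.": ["ns.frotz.foo."],   # bar registry
    "ok.foo.": ["ns.ok.foo."],          # constructed: in-TLD name server
    "dep.bar.": ["ns.ok.foo."],         # constructed: out-of-TLD but resolvable
}

def tld(name):
    return name.rstrip(".").rsplit(".", 1)[-1]

def glue_allowed(zone, ns):
    # Reading of requirement [5]: the registry holds an address only for
    # name servers named under the TLD it is authoritative for.
    return tld(zone) == tld(ns)

def enclosing_zone(host, delegations):
    # Longest delegated zone containing host; None if outside the data set.
    matches = [z for z in delegations if host == z or host.endswith("." + z)]
    return max(matches, key=len, default=None)

def unresolvable_zones(delegations, extra_glue=frozenset()):
    """Zones for which no name server address can ever be obtained.

    extra_glue holds (zone, ns) pairs where glue is published even though
    [5] would forbid it. Hosts outside the data set are assumed reachable.
    """
    resolvable = set()
    changed = True
    while changed:                      # grow the set to a fixed point
        changed = False
        for zone, servers in delegations.items():
            if zone in resolvable:
                continue
            for ns in servers:
                parent = enclosing_zone(ns, delegations)
                if (glue_allowed(zone, ns) or (zone, ns) in extra_glue
                        or parent is None or parent in resolvable):
                    resolvable.add(zone)
                    changed = True
                    break
    return sorted(set(delegations) - resolvable)

if __name__ == "__main__":
    print(unresolvable_zones(DELEGATIONS))
    print(unresolvable_zones(DELEGATIONS, {("frotz.foo.", "ns.fizzle.bar.")}))
```

Under [5] alone the two mutually dependent zones are reported as stuck; publishing glue for one of the two NS records is enough to make both reachable.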