ICANN ICANN Email List Archives

[techcheck-comments]


<<< Chronological Index >>>    <<< Thread Index >>>

Request for clarification

  • To: techcheck-comments@xxxxxxxxx
  • Subject: Request for clarification
  • From: Peter Koch <pk@xxxxxxx>
  • Date: Mon, 21 Aug 2006 13:26:07 +0200

To develop a response to the "Technical Checks Used for DNS Root Zone Changes"
posted 2006-08-18, I'd like to ask for some clarifications. These questions
are not meant to express a position pro or con any or all of the checks.

"Background", 4th paragraph differentiates between mandatory checks and
those on a recommendation level. While the subsequent text uses "must" vs.
"should", it is not immediately obvious which check falls into which
category. Please clarify and please also clarify the nature and suspensive
effect, if any, of those checks (12 through 16) performed by the zone editor.
How do checks 12 trough 16 fit into the "High Level Process Flow" documented
in <http://www.iana.org/procedures/process-flow.html>?

Questions regarding particular tests:

1) The term "the same IP address" suggests that a "nameserver" is considered
   a pair of (name, ip-address). In practice, "multihomed" TLD nameservers
   do exist.  Would those be allowed to share addresses with other servers,
   multihomed or not, belonging to the same NS RRSet?

2) Does "13" refer to nameserver names, i.e., the number of NS RRs (as
   opposed to total number of A or AAAA RRs)?

3) Is the total length of the supplied server names and the allowed set
   of characters also checked? If yes, what are the criteria?

4) Please clarify the exact properties of the query used in this test, e.g.
   value of the RD bit, presence of an EDNS0 OPT RR and its content, if
   applicable.
   The last sentence in (4) uses "it" twice. Please clarify who "it has
   limited connectivity" refers to.

5) This test mentions "supplied authoritative nameservers". Are the tests
   executed against the/all supplied addresses (a.k.a. "glue") for these
   servers?
   While this test has a "must", the previous one, which this one seems
   to rely upon, only has a "should". Please clarify the tests' relationship.

7) How many/which resolution paths are checked for this test?
   Is a match considered successful only when the A or AAAA RRSets exactly
   match?
   What happens if at least one CNAME RR is involved in the resolution?

14) What list of "reserved IP addresses" (e.g. RFC 3330) is used here?
    Does the note to (13) apply?

The list of tests makes no reference to item (5) under "IANA Procedures for
Processing Name Server Change Requests" in
<http://www.iana.org/procedures/delegation-data.html>. A similar test is
mentioned as "may be ... should be added" only. Please clarify what the
current procedure regarding response size considerations is (hint: a
document addressing this very topic is under discussion in the IETF DNSOP WG).

The document makes no reference to a "root zone glue policy" that would
have to express under which circumstances glue records are mandatory and/or
accepted. This is important to at least tests (7) and (8).
Please see 
<http://www.ietf.org/internet-drafts/draft-koch-dns-glue-clarifications-01.txt> 
for examples.

-Peter Koch (speaking as an individual)


<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy