Request for clarification
- To: techcheck-comments@xxxxxxxxx
- Subject: Request for clarification
- From: Peter Koch <pk@xxxxxxx>
- Date: Mon, 21 Aug 2006 13:26:07 +0200
To develop a response to the "Technical Checks Used for DNS Root Zone Changes"
posted 2006-08-18, I'd like to ask for some clarifications. These questions
are not meant to express a position pro or con any or all of the checks.
"Background", 4th paragraph differentiates between mandatory checks and
those on a recommendation level. While the subsequent text uses "must" vs.
"should", it is not immediately obvious which check falls into which
category. Please clarify and please also clarify the nature and suspensive
effect, if any, of those checks (12 through 16) performed by the zone editor.
How do checks 12 trough 16 fit into the "High Level Process Flow" documented
Questions regarding particular tests:
1) The term "the same IP address" suggests that a "nameserver" is considered
a pair of (name, ip-address). In practice, "multihomed" TLD nameservers
do exist. Would those be allowed to share addresses with other servers,
multihomed or not, belonging to the same NS RRSet?
2) Does "13" refer to nameserver names, i.e., the number of NS RRs (as
opposed to total number of A or AAAA RRs)?
3) Is the total length of the supplied server names and the allowed set
of characters also checked? If yes, what are the criteria?
4) Please clarify the exact properties of the query used in this test, e.g.
value of the RD bit, presence of an EDNS0 OPT RR and its content, if
The last sentence in (4) uses "it" twice. Please clarify who "it has
limited connectivity" refers to.
5) This test mentions "supplied authoritative nameservers". Are the tests
executed against the/all supplied addresses (a.k.a. "glue") for these
While this test has a "must", the previous one, which this one seems
to rely upon, only has a "should". Please clarify the tests' relationship.
7) How many/which resolution paths are checked for this test?
Is a match considered successful only when the A or AAAA RRSets exactly
What happens if at least one CNAME RR is involved in the resolution?
14) What list of "reserved IP addresses" (e.g. RFC 3330) is used here?
Does the note to (13) apply?
The list of tests makes no reference to item (5) under "IANA Procedures for
Processing Name Server Change Requests" in
<http://www.iana.org/procedures/delegation-data.html>. A similar test is
mentioned as "may be ... should be added" only. Please clarify what the
current procedure regarding response size considerations is (hint: a
document addressing this very topic is under discussion in the IETF DNSOP WG).
The document makes no reference to a "root zone glue policy" that would
have to express under which circumstances glue records are mandatory and/or
accepted. This is important to at least tests (7) and (8).
-Peter Koch (speaking as an individual)