Delegations

Doug Barton dougb at dougbarton.us
Wed Oct 31 22:39:56 UTC 2012


On 10/31/2012 03:22 PM, Chris Thompson wrote:
> On Oct 31 2012, Kevin Darcy wrote:
> 
> [...snip...]
>> I know of at least 2 commercially-available DNS maintenance systems
>> that, by default, do not allow what they call "dotted hostnames", by
>> which they mean a name which is at least 2 labels below a zone cut, e.g.
>> "foo.bar" in the "example.com" zone. Their underlying assumption seems
>> to be that *every* level of the hierarchy will, in the
>> usual/typical/default case, be delegated.
>>
>> I don't agree with this assumption in the slightest, but some people are
>> afraid of changing default behaviors...
> 
> What "default behavior"? The default behavior of (seriously) defective
> DNS maintenance systems? (You wouldn't like to name-and-shame, I suppose?)
> 
> The end-point of that sort of logic is that, for example, the SRV record
> for _someservice._tcp.somename.example.com has to have separate zones
> for somename.example.com and _tcp.somename.example.com, probably
> containing nothing but the names mentioned.  I've seen people actually
> do this, and it's painful to watch.

Chris, I specifically asked the OP if they wanted a zone cut at the
higher level, or if they were just looking for multi-dot names. So this
particular argumentum ad absurdum is particularly inappropriate.

We used to say that you didn't need to do a delegation if the subzone
was going to be hosted on the same auth. name server either, and then
along came DNSSEC and lots of people with systems that weren't breaking
any rules are suddenly dealing with strange error messages.

So sure, the OP could probably "get away with it" even without doing a
zone cut at the middle level. But I stand by my assertion that for
maximum future-proofing they're safer with it than without. Doing the
zone cut costs them almost nothing now, and may save time/effort/energy
down the road.

Doug
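
An added illustration, not part of the original message: a Python check over a constructed set of zones hosted on one server, covering the two cases discussed in this thread: names two or more labels below the apex with no zone cut, and hosted child zones for which the parent holds no NS records. The zone data and function names are assumptions made for the example.

```python
# Constructed sample: three zones served by the same authoritative server.
# Each zone maps to a set of (owner name, record type) pairs.
HOSTED = {
    "example.com": {
        ("example.com", "SOA"), ("example.com", "NS"),
        ("foo.bar.example.com", "A"),                       # "dotted hostname"
        ("_someservice._tcp.somename.example.com", "SRV"),  # SRV owner, no cuts
        ("sub.example.com", "NS"),                          # proper delegation
    },
    "sub.example.com": {("sub.example.com", "SOA"), ("sub.example.com", "NS"),
                        ("www.sub.example.com", "A")},
    "lab.example.com": {("lab.example.com", "SOA"), ("lab.example.com", "NS"),
                        ("host.lab.example.com", "A")},     # parent has no NS
}

def norm(name):
    """Lowercase and drop the trailing dot so names compare as strings."""
    return name.lower().rstrip(".")

def is_below(name, zone):
    """True if name is strictly below zone in the DNS tree."""
    return norm(name).endswith("." + norm(zone))

def cuts(origin, records):
    """Owner names below the apex that carry NS records (delegation points)."""
    return {norm(o) for o, t in records if t == "NS" and is_below(o, origin)}

def missing_delegations(hosted):
    """(child, parent) pairs where the closest hosted parent lacks NS at child."""
    out = []
    for child in sorted(hosted):
        parents = [z for z in hosted if is_below(child, z)]
        if not parents:
            continue
        parent = max(parents, key=len)  # longest ancestor name is the closest
        if norm(child) not in cuts(parent, hosted[parent]):
            out.append((child, parent))
    return out

def dotted_names(origin, records):
    """Owners two or more labels below the apex that are not under a zone cut."""
    zone_cuts = cuts(origin, records)
    extra = lambda o: norm(o).count(".") - norm(origin).count(".")
    return sorted({norm(o) for o, _ in records
                   if is_below(o, origin) and extra(o) >= 2
                   and not any(norm(o) == c or is_below(o, c) for c in zone_cuts)})

if __name__ == "__main__":
    print("undelegated child zones:", missing_delegations(HOSTED))
    print("multi-label names in example.com:", dotted_names("example.com", HOSTED["example.com"]))
```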


