[bind10-dev] NS/NSEC3/DNAME at wildcard
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Fri Feb 4 18:44:18 UTC 2011
At Fri, 4 Feb 2011 14:38:31 +0100,
Michal 'vorner' Vaner <michal.vaner at nic.cz> wrote:
> > In any event, these are very minor cases and users probably just don't
> > care. But if someone has a specific opinion or suggestion (with
> > reasons), please let me know (on this list).
>
> I guess that it is probably minor enough to go with the easiest way
> to implement it (so we wouldn't spend much time implementing
> something noone would use at all). If we add a note that this is
> omitted simply because we don't think it is useful and if someone
> needs it, to drop a mail, it should be OK I guess.
>
> So, if rejecting it means less work and worrying about corner-cases,
> then I'm for rejecting it.
I think that approach makes sense. In that sense we'd probably reject
the NS and DNAME case at loading because then we can forget the subtle
conflict between the delegation and wildcard matching in find(). For
NSEC3 it's probably better to not bother to check (and reject) it at
load time; eliminating wildcards in NSEC3 won't help much in
identifying it (though we've not implemented it so we cannot be
completely sure) and there could be other odd NSEC3 owner names
that could confuse find() logic anyway.
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
More information about the bind10-dev
mailing list