[dns-wg] RIPE's MNAME recommendation

Tue Oct 4 09:12:40 CEST 2005

--On den 3 oktober 2005 17.10.53 +0200 Peter Koch <pk at DENIC.DE> wrote:

>> In the interest of sanity, I'd suggest adding "should answer queries
>> about said domain with the AA bit set" (in addition to
>> swallowing/properly rejecting/processing updates and allowing/properly
>> refusing zone transfers). That is the The Right Thing to do, IMHO, 

> There's no RFC that would support this as far as I can see. At least
> there's no RFC that suggests that the server named in MNAME act as an
> additional resource to what is already in the NS RRSet.

1035 says: 

MNAME           The <domain-name> of the name server that was the
                original or primary source of data for this zone.

I think this is supportive of the idea that questions about the zone SHOULD
be answered, and that AA bit SHOULD be set. 

> So, my suggestion is to adjust the MNAME text in a way that keeps the
> original spirit but explicitly says that the name in MNAME 
> 
> 1) must resolve to an A RR(Set) 
> 2) the address (or, to complicate matters, addresses) must be the public
>    address of the (hidden/stealth) primary master

...and thus as per above SHOULD do dns? I think there is support in the
text for that.

> Please remember that RIPE-203 does not try to be an exhaustive (even less
> so normative) explanation for all the SOA RR's parameters for most any
> situation. It aims at a rather large subset (maybe in the 70-80%) of
> zones which can live well with these defaults.

Understood. 

-- 
Måns Nilsson                    Systems Specialist
+46 70 681 7204   cell                      KTHNOC
+46 8 790 6518  office                 MN1334-RIPE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://lists.ripe.net/ripe/mail/archives/dns-wg/attachments/20051004/5e6b43df/attachment.sig>