Subject: Re: [ISC-Bugs #45416] named and named-checkzone don't recognise out-of-zone RRsets that are below a delegation point
From: "Mark Andrews"
To: bind9-confidential@isc.org
Date: Tue, 27 Jun 2017 22:12:20 +1000
Message-ID: <20170627121220.406817C839EF@rock.dv.isc.org>
References: <20170622202604.GA7148@jurassic>
In-Reply-To: Your message of "Tue, 27 Jun 2017 12:06:08 +0000."

In message , "Cathy Almond via RT" writes:
> On Thu Jun 22 20:26:14 2017, muks wrote:
> > RFC 2136 covers this:
> >
> >    7.18. Previously existing names which are occluded by a new zone cut
> >    are still considered part of the parent zone, for the purposes of
> >    zone transfers, even though queries for such names will be referred
> >    to the new subzone's servers. If a zone cut is removed, all parent
> >    zone names that were occluded by it will again become visible to
> >    queries. (This is a clarification of [RFC1034].)
> >
> > Occlusion is not an error. A similar situation can occur with DNAME
> > too.
> >
> > Mukund
>
> Ah OK - in that case, I think there is nothing we can reasonably do
> here, unless we think it worthwhile to add a warning.

Well we could add a mode that checks for non-glue below bottom of
zone but it would have to be documented as being beyond what is
technically required. This is policy, not correctness enforcement.

> Cathy
>
> --
> Ticket History: https://bugs.isc.org/Ticket/Display.html?id=45416
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: marka@isc.org
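
A check of the kind discussed in this thread (flagging non-glue RRsets that sit below a zone cut) could look like the following. This is an added example, not BIND or ISC code; the zone data is constructed, and treating every A/AAAA RRset below a cut as glue is an assumption. In line with the thread, the findings are policy observations, not zone errors.

```python
GLUE_TYPES = {"A", "AAAA"}  # assumption: address RRsets below a cut count as glue

# Constructed sample for zone example.com.: (owner name, RR type) per RRset.
SAMPLE = [
    ("example.com.", "SOA"), ("example.com.", "NS"),
    ("www.example.com.", "A"),
    ("sub.example.com.", "NS"),          # zone cut (delegation point)
    ("sub.example.com.", "DS"),          # at the cut itself, not below it
    ("ns1.sub.example.com.", "A"),       # glue below the cut
    ("host.sub.example.com.", "TXT"),    # occluded non-glue
    ("deep.sub.example.com.", "NS"),     # NS below an existing cut: occluded
    ("mail.deep.sub.example.com.", "MX"),
]

def labels(name):
    """Split an absolute, non-root name into lower-cased labels."""
    return name.rstrip(".").lower().split(".")

def is_below(name, ancestor):
    """True if name is a strict descendant of ancestor."""
    n, a = labels(name), labels(ancestor)
    return len(n) > len(a) and n[-len(a):] == a

def zone_cuts(origin, rrsets):
    """Owners of NS RRsets below the origin, reduced to the top-most cuts."""
    cuts = {o.lower() for o, t in rrsets
            if t.upper() == "NS" and is_below(o, origin)}
    return {c for c in cuts if not any(is_below(c, other) for other in cuts)}

def occluded_non_glue(origin, rrsets):
    """Sorted (owner, type, cut) for non-glue RRsets strictly below a cut."""
    cuts = zone_cuts(origin, rrsets)
    found = []
    for owner, rtype in rrsets:
        for cut in cuts:  # top-most cuts are disjoint, so at most one matches
            if is_below(owner, cut) and rtype.upper() not in GLUE_TYPES:
                found.append((owner.lower(), rtype.upper(), cut))
    return sorted(found)

if __name__ == "__main__":
    for owner, rtype, cut in occluded_non_glue("example.com.", SAMPLE):
        print(f"policy: {owner} {rtype} is non-glue below zone cut {cut}")
```

Records at the cut itself (NS, DS) are deliberately not reported, and the DNAME case mentioned in the thread is not covered.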