--On 3 October 2005 17.10.53 +0200 Peter Koch <pk@DENIC.DE> wrote:
In the interest of sanity, I'd suggest adding "should answer queries about said domain with the AA bit set" (in addition to swallowing/properly rejecting/processing updates and allowing/properly refusing zone transfers). That is The Right Thing to do, IMHO,
There's no RFC that would support this as far as I can see. At least there's no RFC that suggests that the server named in MNAME act as an additional resource to what is already in the NS RRSet.
1035 says:
    MNAME The <domain-name> of the name server that was the original or primary source of data for this zone.
I think this is supportive of the idea that questions about the zone SHOULD be answered, and that AA bit SHOULD be set.
So, my suggestion is to adjust the MNAME text in a way that keeps the original spirit but explicitly says that the name in MNAME
1) must resolve to an A RR(Set)
2) the address (or, to complicate matters, addresses) must be the public address of the (hidden/stealth) primary master
...and thus as per above SHOULD do DNS? I think there is support in the text for that.
Please remember that RIPE-203 does not try to be an exhaustive (even less so normative) explanation for all the SOA RR's parameters for most any situation. It aims at a rather large subset (maybe in the 70-80%) of zones which can live well with these defaults.
Understood.
-- 
Måns Nilsson            Systems Specialist
+46 70 681 7204 cell    KTHNOC
+46 8 790 6518 office   MN1334-RIPE
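The behaviour debated in this message (does the server named in MNAME answer for the zone with the AA bit set) can be checked from a raw SOA response. The following is an added example, not part of the original message: `soa_check`, `read_name`, `wire` and `build_sample` are hypothetical helper names, and the response bytes and host names are constructed so the check runs offline.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def soa_check(msg):
    """Return (aa_bit, mname) for a response to an SOA query."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    aa = bool(flags & 0x0400)                  # AA is bit 10 of the flags word
    off = 12
    for _ in range(qd):                        # skip the question section
        _, off = read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                         # SOA: RDATA starts with MNAME
            return aa, read_name(msg, off)[0]
        off += rdlen
    return aa, None

def wire(name):
    """Encode a dotted name in uncompressed wire format."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_sample(aa):
    """Constructed response for 'example.org SOA' (all names are made up)."""
    hdr = struct.pack("!6H", 0x1234, 0x8000 | (0x0400 if aa else 0), 1, 1, 0, 0)
    question = wire("example.org") + struct.pack("!HH", 6, 1)
    rdata = (wire("hidden.example.net") + wire("hostmaster.example.org")
             + struct.pack("!5I", 2005100301, 86400, 7200, 3600000, 172800))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return hdr + question + answer

if __name__ == "__main__":
    for aa in (True, False):
        print(soa_check(build_sample(aa)))
```

Against a live zone, the same `soa_check` would be applied to the bytes returned by the address the MNAME resolves to, after a non-recursive SOA query for the zone.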