[162475] in North American Network Operators' Group
Re: What do people use public suffix for?
daemon@ATHENA.MIT.EDU (Joe Abley)
Fri Apr 19 14:58:43 2013
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <8738umqta5.fsf@nemi.mork.no>
Date: Fri, 19 Apr 2013 14:58:19 -0400
To: Bjørn Mork <bjorn@mork.no>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2013-04-19, at 14:17, Bjørn Mork <bjorn@mork.no> wrote:
> It is already, isn't it? The NS and SOA records will tell you all there
> is to know about zone splits and cross zone relations.
Not really.
In general, just because a zone is served by the same nameservers as another zone doesn't mean that they are administratively equivalent (e.g. for cookie hygiene purposes).
Just because two zones are served on different nameservers doesn't mean they are administratively separate. Lots of administratively-separate domains share the same nameservers.
Drawing related conclusions from similarity of SOA RDATA between zones, or the number of zone cuts between a particular zone and the root, or the number of labels in a domain name is similarly flawed.
If the rule was just "the nameservers need to be the same and the SOA RDATA needs to be the same, for some well-documented meaning of 'same'" then gaming that rule (e.g. for purposes of cookie injection) as a miscreant is unpleasantly straightforward.
Joe
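
The two failure modes described in the message above, as an added example that is not part of the original post: an NS/SOA-equality rule is run against ground-truth ownership and compared with a lookup in a curated suffix list of the kind this thread is about. All zone names, owners, SOA values and the two-entry suffix set are constructed, and the suffix lookup is a simplification (plain rules only, no wildcard or exception rules).

```python
# Constructed zone data; names, owners and SOA values are invented for illustration.
# SOA tuples hold (mname, rname, refresh, retry, expire, minimum); the serial is left out.
SHARED_NS = frozenset({"ns1.dnshost.example.", "ns2.dnshost.example."})
SHARED_SOA = ("ns1.dnshost.example.", "hostmaster.dnshost.example.", 7200, 900, 1209600, 300)

ZONES = {
    # Two unrelated customers of one DNS hosting provider, both on its default SOA.
    "shop-a.hosting.example": {"owner": "A", "ns": SHARED_NS, "soa": SHARED_SOA},
    "shop-b.hosting.example": {"owner": "B", "ns": SHARED_NS, "soa": SHARED_SOA},
    # One organisation running parent and child zones on different servers.
    "corp.example": {"owner": "C", "ns": frozenset({"ns1.corp.example."}),
                     "soa": ("ns1.corp.example.", "dns.corp.example.", 3600, 600, 604800, 300)},
    "lab.corp.example": {"owner": "C", "ns": frozenset({"ns.lab.corp.example."}),
                         "soa": ("ns.lab.corp.example.", "lab.corp.example.", 1800, 300, 86400, 60)},
}

# Constructed stand-in for a curated suffix list (plain rules only).
SUFFIXES = {"example", "hosting.example"}


def heuristic_same_admin(a, b):
    """The rule quoted in the message: same NS set and same SOA RDATA."""
    za, zb = ZONES[a], ZONES[b]
    return za["ns"] == zb["ns"] and za["soa"] == zb["soa"]


def registrable_domain(name):
    """Longest matching suffix plus one more label; None if name is itself a suffix."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def list_same_admin(a, b):
    """Treat two names as one administrative unit only if they share a registrable domain."""
    ra, rb = registrable_domain(a), registrable_domain(b)
    return ra is not None and ra == rb


def compare(a, b):
    """Return (ground truth, DNS heuristic verdict, suffix-list verdict)."""
    truth = ZONES[a]["owner"] == ZONES[b]["owner"]
    return truth, heuristic_same_admin(a, b), list_same_admin(a, b)
```

The heuristic is wrong in both directions on this data: it merges the two hosting customers and splits the single organisation, while the list lookup matches the ownership recorded in `ZONES`.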