nanog mailing list archives

Re: What do people use public suffix for?
From: Joe Abley <jabley () hopcount ca>
Date: Fri, 19 Apr 2013 14:58:19 -0400


On 2013-04-19, at 14:17, Bjørn Mork <bjorn () mork no> wrote:

> It is already, isn't it?  The NS and SOA records will tell you all there
> is to know about zone splits and cross zone relations.

Not really.

In general, just because a zone is served by the same nameservers as another zone doesn't mean that they are administratively equivalent (e.g. for cookie hygiene purposes).

Just because two zones are served on different nameservers doesn't mean they are administratively separate. Lots of administratively-separate domains share the same nameservers.

Drawing related conclusions from similarity of SOA RDATA between zones, or the number of zone cuts between a particular zone and the root, or the number of labels in a domain name is similarly flawed.

If the rule was just "the nameservers need to be the same and the SOA RDATA needs to be the same, for some well-documented meaning of 'same'" then gaming that rule (e.g. for purposes of cookie injection) as a miscreant is unpleasantly straightforward.


Joe
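
The two failure modes described in the message above, as an added example that is not part of the original post: a Python sketch of the "same NS set and same SOA RDATA" rule, run against constructed zone data. The zone names, owners, record values and the choice to ignore the SOA serial when comparing are all assumptions made for illustration.

```python
# Added example. Every zone and record below is constructed; "owner" is
# ground truth that is not published anywhere in DNS.
from typing import NamedTuple

class Zone(NamedTuple):
    name: str
    owner: str
    ns: tuple     # targets of the apex NS RRset
    soa: tuple    # (mname, rname, serial, refresh, retry, expire, minimum)

def norm(host):
    """Domain names compare case-insensitively; drop the trailing root dot."""
    return host.rstrip(".").lower()

def soa_key(soa):
    """An assumed meaning of 'same' SOA RDATA: every field except the serial."""
    mname, rname, _serial, *timers = soa
    return (norm(mname), norm(rname), *timers)

def naive_same_admin(a, b):
    """The rule under discussion: identical NS set and identical SOA RDATA."""
    same_ns = {norm(h) for h in a.ns} == {norm(h) for h in b.ns}
    return same_ns and soa_key(a.soa) == soa_key(b.soa)

# Two unrelated customers of one DNS hosting provider (provider's SOA template).
ALICE = Zone("alice.example", "alice",
             ("ns1.dnshost.example.", "ns2.dnshost.example."),
             ("ns1.dnshost.example.", "hostmaster.dnshost.example.",
              2013041901, 3600, 600, 604800, 300))
BOB = Zone("bob.example", "bob",
           ("NS2.dnshost.example.", "ns1.dnshost.example."),
           ("ns1.dnshost.example.", "hostmaster.dnshost.example.",
            2013041807, 3600, 600, 604800, 300))
# A second zone of the first owner, served from a different provider.
ALICE_SHOP = Zone("alice-shop.example", "alice",
                  ("a.otherdns.example.", "b.otherdns.example."),
                  ("a.otherdns.example.", "admin.alice.example.",
                   7, 7200, 900, 1209600, 60))

def compare(a, b):
    """Return (heuristic verdict, ground truth) for a pair of zones."""
    return naive_same_admin(a, b), a.owner == b.owner

if __name__ == "__main__":
    for a, b in ((ALICE, BOB), (ALICE, ALICE_SHOP)):
        print(a.name, b.name, compare(a, b))
```

The heuristic groups the two unrelated hosting customers together and splits the one owner's two zones apart, so it is wrong in both directions on data that involves no adversary at all.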


