mailing list archives
Re: What do people use public suffix for?
From: Jimmy Hess <mysidia () gmail com>
Date: Fri, 19 Apr 2013 18:33:25 -0500
On 4/19/13, Dave Crocker <dhc2 () dcrocker net> wrote:
On 4/19/2013 12:57 PM, Tony Finch wrote:
To reinforce Joe's point, there doesn't even need to be a zone cut for
there to be an administrative cut. There are various ISPs and dynamic DNS
providers that put all their users in the same zone, and the common
In this case, there really is no administrative cut though... the
provider administers the DNS record.
The fact that they often correlate moderately well makes it easy to miss
the facts that a) that's not their job, and b) the correlation isn't
perfect. And the imperfections matter.
That is why there is the current interest in developing a cheap,
accurate method that /is/ intended to define organizational boundaries.
It seems this is more about providing a security function to DNS, to
inform the public, about where the responsible parties change.
The right place for this, is clearly the DNSSEC extensions....
If the DS record identifies a different signer, then you have an
or if the e-mail address field in the SOA fields of the parent zone
are different, then you have an administrative split, OR if one of the
two zones has RP (responsible party records), and the list of RP
records are different for the two zones, then you have an
If the DS record identifies the same signer, AND the e-mail
address in the SOA records is the same; or the list of e-mail
addresses in the two zones' RP records are identical,
then you don't have an administrative split.
Re: What do people use public suffix for? Geoffrey Keating (Apr 15)