Peter Koch wrote:
On Thu, Apr 13, 2006 at 01:08:10AM +0000, John Levine wrote:
There's no threat. Despite a certain amount of wishful thinking to
the contrary, the design of DNS makes subdomains absolutely completely
under the control of the domains from which they are delegated. If
quite the opposite is true, that's what delegations are for. I'd agree
it's not a threat - but a misconception. Hierarchy in naming does neither
imply nor follow hierarchy in administration (or administrative control).
Any attempt to set 'domain wide' defaults or values misses that fact.
It's related to "DNS tree climbing" or lessons (not) learned from RFC 1535.
Peter, I am not understanding your point. Yes, it is essential to distinguish
between naming hierarchy and administrative hierarchy. However, the DNS has
both, an administration up the tree does have complete power over the entire
branch under it. An obvious example is exactly the ability to re-direct that
you cite.
Please explain.
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html