What do people use public suffix for?

Joe Abley jabley at hopcount.ca
Fri Apr 19 18:58:19 UTC 2013


On 2013-04-19, at 14:17, Bjørn Mork <bjorn at mork.no> wrote:

> It is already, isn't it?  The NS and SOA records will tell you all there
> is to know about zone splits and cross zone relations.

Not really.

In general, just because a zone is served by the same nameservers as another zone doesn't mean that they are administratively equivalent (e.g. for cookie hygiene purposes).

Just because two zones are served on different nameservers doesn't mean they are administratively separate. Lots of administratively-separate domains share the same nameservers.

Drawing related conclusions from similarity of SOA RDATA between zones, or the number of zone cuts between a particular zone and the root, or the number of labels in a domain name is similarly flawed.

If the rule was just "the nameservers need to be the same and the SOA RDATA needs to be the same, for some well-documented meaning of 'same'" then gaming that rule (e.g. for purposes of cookie injection) as a miscreant is unpleasantly straightforward.


Joe
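
An added illustration of the two failure cases described in the message above (not part of the original post): it runs the "same NS set and same SOA RDATA" comparison over constructed zone data, next to a boundary check that uses Public Suffix List rule syntax. The zone names, the rule excerpt and the function names are all assumptions made for this example.

```python
# Constructed excerpt in Public Suffix List rule syntax (not the real list).
RULES = {"example", "co.example", "*.host.example", "!www.host.example"}

# Constructed zone data: apex -> (NS set, SOA MNAME, SOA RNAME); timers omitted.
DNSHOST = (frozenset({"ns1.dnshost.example", "ns2.dnshost.example"}),
           "ns1.dnshost.example", "hostmaster.dnshost.example")
ZONES = {
    "alice.co.example": DNSHOST,   # two unrelated customers of one DNS host
    "bob.co.example": DNSHOST,
    "corp.co.example": (frozenset({"ns1.corp.co.example"}),
                        "ns1.corp.co.example", "dns.corp.co.example"),
    # Same owner as corp.co.example, but the zone is hosted elsewhere.
    "static.corp.co.example": (frozenset({"ns1.cdn.example"}),
                               "ns1.cdn.example", "ops.cdn.example"),
}


def same_by_dns(a, b):
    """The heuristic under discussion: identical NS set and SOA RDATA."""
    return ZONES[a] == ZONES[b]


def public_suffix(name, rules=RULES):
    """Longest matching rule wins; '!' exceptions override; default rule is '*'."""
    labels = name.lower().rstrip(".").split(".")
    best = 1  # default rule: the rightmost label alone is a public suffix
    for i in range(len(labels)):
        cand, parent = ".".join(labels[i:]), ".".join(labels[i + 1:])
        if "!" + cand in rules:
            return parent  # exception rule: suffix is one label shorter
        if cand in rules or (parent and "*." + parent in rules):
            best = max(best, len(labels) - i)
    return ".".join(labels[-best:])


def registrable(name, rules=RULES):
    """Public suffix plus one label, or None if the name is itself a suffix."""
    labels = name.lower().rstrip(".").split(".")
    n = len(public_suffix(name, rules).split("."))
    return ".".join(labels[-(n + 1):]) if len(labels) > n else None


def same_by_psl(a, b):
    """True when both names fall under the same registrable domain."""
    ra, rb = registrable(a), registrable(b)
    return ra is not None and ra == rb
```

On this data the DNS comparison groups alice.co.example with bob.co.example and separates corp.co.example from static.corp.co.example, while the suffix-based check gives the opposite answer in both cases.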




