What do people use public suffix for?

On 2013-04-19, at 14:17, Bjørn Mork <bjorn at mork.no> wrote:

> It is already, isn't it?  The NS and SOA records will tell you all there
> is to know about zone splits and cross zone relations.

Not really.

In general, just because a zone is served by the same nameservers as another zone doesn't mean that they are administratively equivalent (e.g. for cookie hygiene purposes).

Just because two zones are served on different nameservers doesn't mean they are administratively separate. Lots of administratively-separate domains share the same nameservers.

Drawing related conclusions from similarity of SOA RDATA between zones, or the number of zone cuts between a particular zone and the root, or the number of labels in a domain name is similarly flawed.

If the rule was just "the nameservers need to be the same and the SOA RDATA needs to be the same, for some well-documented meaning of 'same'" then gaming that rule (e.g. for purposes of cookie injection) as a miscreant is unpleasantly straightforward.
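
An added illustration of the point made in this message (not part of the original post): the "same nameservers and same SOA RDATA" rule applied to constructed zone data, with one assumed meaning of "same" (case-insensitive, serial ignored). All zone names, owners and records are invented for the example.

```python
from itertools import combinations

# Constructed records (owner, type, rdata); not real DNS data.
RECORDS = """
shop-a.example.    NS   ns1.hosting.example.
shop-a.example.    NS   ns2.hosting.example.
shop-a.example.    SOA  ns1.hosting.example. hostmaster.hosting.example. 2013041901 7200 3600 1209600 3600
shop-b.example.    NS   NS2.hosting.example.
shop-b.example.    NS   ns1.hosting.example.
shop-b.example.    SOA  ns1.hosting.example. hostmaster.hosting.example. 2013041807 7200 3600 1209600 3600
corp.example.      NS   ns1.corp.example.
corp.example.      SOA  ns1.corp.example. dns.corp.example. 77 3600 600 604800 300
corp-mail.example. NS   ns1.vendor.example.
corp-mail.example. SOA  ns1.vendor.example. ops.vendor.example. 12 3600 600 604800 300
"""

# Constructed ground truth: who actually administers each zone.
ADMIN = {"shop-a.example.": "alice", "shop-b.example.": "bob",
         "corp.example.": "corp", "corp-mail.example.": "corp"}

def load(text):
    zones = {}
    for line in text.strip().splitlines():
        owner, rtype, rdata = line.split(None, 2)
        z = zones.setdefault(owner.lower(), {"ns": set(), "soa": None})
        if rtype == "NS":
            z["ns"].add(rdata.strip().lower())
        elif rtype == "SOA":
            f = rdata.lower().split()
            # Assumed meaning of "same": ignore the serial (f[2]).
            z["soa"] = (f[0], f[1], *f[3:])
    return zones

def rule_says_same(a, b):
    return a["ns"] == b["ns"] and a["soa"] == b["soa"]

def misjudged(zones, admin):
    wrong = []
    for x, y in combinations(sorted(zones), 2):
        predicted = rule_says_same(zones[x], zones[y])
        actual = admin[x] == admin[y]
        if predicted != actual:
            wrong.append((x, y, predicted))
    return wrong

if __name__ == "__main__":
    for x, y, predicted in misjudged(load(RECORDS), ADMIN):
        print(x, y, "rule: same" if predicted else "rule: separate")
```

The rule merges the two unrelated hosted zones and splits the two zones that share an administrator, so it errs in both directions on this data.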