Re: [Add] Zone ownership in DNS server discovery
"Vinny Parla (vparla)" <vparla@cisco.com> Thu, 10 September 2020 23:19 UTC
From: "Vinny Parla (vparla)" <vparla@cisco.com>
To: Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>
CC: ADD Mailing list <add@ietf.org>, Jim Reid <jim@rfc1035.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/DV0xYGJbwRjSRUNvrSNwLF1osTY>
List-Id: Applications Doing DNS <add.ietf.org>
Hi,

So if I understand the statement below, it is entirely up to an algorithm of the implementor, which could differ from endpoint to endpoint or browser to browser, to choose either to use the authoritative vs the recursive resolver.

Did I understand this correctly?

Thanks,

-Vinny

From: Add <add-bounces@ietf.org> On Behalf Of Tommy Jensen
Sent: Thursday, September 10, 2020 12:32 PM
To: Jim Reid <jim@rfc1035.com>
Cc: ADD Mailing list <add@ietf.org>
Subject: [Add] Zone ownership in DNS server discovery

Changing subject line to avoid the noise on Martin's single use case. This is a separate topic.

From the WG charter:

> Define a mechanism that allows communication of DNS resolver
> information to clients for use in selection decisions. This could be
> part of the mechanism used for discovery, above

If I know "doh.example.com" is authoritative for "foo.example.com", I may prefer to take *.foo.example.com queries directly to it instead of using an intermediary recursive. I consider this to be separate from policies such as "I perform filtering" because being authoritative or designated isn't a policy / requirement and I can still choose to use an intermediate recursive if I want. This information can also be readily authenticated since TLS already gives us a mechanism for conveying and validating ownership claims relative to a domain name (as opposed to a network name).

Thanks,
Tommy

================================================
The latest in Windows Internet Protocols:
Native gRPC support: https://aka.ms/grpcblogpost
DNS over HTTPS: https://aka.ms/dohblogpost

_____

From: Jim Reid <jim@rfc1035.com>
Sent: Thursday, September 10, 2020 8:37 AM
To: Tommy Jensen <Jensen.Thomas@microsoft.com>
Cc: ADD Mailing list <add@ietf.org>
Subject: Re: [Add] [EXTERNAL] My single use case

> On 10 Sep 2020, at 16:27, Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org> wrote:
>
> > Specifically, I want to NOT learn about whether the resolver does [...]
>
> +1, I couldn't agree more.

Ditto.

> One exception would be zone ownership for me as I don't consider that a policy, but I agree that's a scenario separate from the one you are describing and should be kept separate.

What has zone ownership - whatever that means - got to do with resolution transports or resolver selection? How is it relevant to this WG?