[Add] Zone ownership in DNS server discovery

Tommy Jensen <Jensen.Thomas@microsoft.com> Thu, 10 September 2020 16:31 UTC

From: Tommy Jensen <Jensen.Thomas@microsoft.com>
To: Jim Reid <jim@rfc1035.com>
CC: ADD Mailing list <add@ietf.org>
Date: Thu, 10 Sep 2020 16:31:37 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/klka9muJJN3U-osEmZzgZuBv_Io>
Subject: [Add] Zone ownership in DNS server discovery

Changing subject line to avoid the noise on Martin's single use case. This is a separate topic.

From the WG charter:

> Define a mechanism that allows communication of DNS resolver
> information to clients for use in selection decisions. This could be
> part of the mechanism used for discovery, above

If I know "doh.example.com" is authoritative for "foo.example.com", I may prefer to take *.foo.example.com queries directly to it instead of using an intermediary recursive. I consider this to be separate from policies such as "I perform filtering" because being authoritative or designated isn't a policy / requirement and I can still choose to use an intermediate recursive if I want. This information can also be readily authenticated since TLS already gives us a mechanism for conveying and validating ownership claims relative to a domain name (as opposed to a network name).

Thanks,
Tommy

================================================

The latest in Windows Internet Protocols:

  Native gRPC support: https://aka.ms/grpcblogpost

  DNS over HTTPS: https://aka.ms/dohblogpost


________________________________
From: Jim Reid <jim@rfc1035.com>
Sent: Thursday, September 10, 2020 8:37 AM
To: Tommy Jensen <Jensen.Thomas@microsoft.com>
Cc: ADD Mailing list <add@ietf.org>
Subject: Re: [Add] [EXTERNAL] My single use case



> On 10 Sep 2020, at 16:27, Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org> wrote:
>
> > Specifically, I want to NOT learn about whether the resolver does [...]
>
> +1, I couldn't agree more.

Ditto.

> One exception would be zone ownership for me as I don't consider that a policy, but I agree that's a scenario separate from the one you are describing and should be kept separate.

What has zone ownership - whatever that means - got to do with resolution transports or resolver selection? How is it relevant to this WG?