IETF Logo Mail Archive

Re: [dd] DBOUND scope

Ben Schwartz <bemasc@meta.com> Tue, 19 March 2024 03:56 UTC

Return-Path: <prvs=8808b73314=bemasc@meta.com>
X-Original-To: dd@ietfa.amsl.com
Delivered-To: dd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27676C14F6B1 for <dd@ietfa.amsl.com>; Mon, 18 Mar 2024 20:56:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.804
X-Spam-Level:
X-Spam-Status: No, score=-2.804 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=meta.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QowRu0NSyzSI for <dd@ietfa.amsl.com>; Mon, 18 Mar 2024 20:56:20 -0700 (PDT)
Received: from mx0a-00082601.pphosted.com (mx0b-00082601.pphosted.com [67.231.153.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9FB6C14F61C for <dd@ietf.org>; Mon, 18 Mar 2024 20:56:19 -0700 (PDT)
Received: from pps.filterd (m0001303.ppops.net [127.0.0.1]) by m0001303.ppops.net (8.17.1.19/8.17.1.19) with ESMTP id 42IJiEjm025094; Mon, 18 Mar 2024 20:56:18 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meta.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=s2048-2021-q4; bh=jm0pigrGiZUirwTiveEF1hww5MkSQleuOyiIQaam9Hg=; b=Q3vWCFe3Wdz9bD54tncz2+4iQatzjACwFVzAYauSNjLfNlTyQzcmOY70i1FJnaVin+BL KOjdfWnEezJ6660zGpHb2WaDEZf60dUmFAdzbI+8qEWWDIcJJ6QnnVrzSkliQL3BP+Cw +c1l3brfRQBRny86aCyVJceYd5bQPBMltt4InNwLyhINhw5XD4/2EcvVTs4BAGyacEFF xHDa9K+HurNdf8ynQoYQGjG3F+p2NX0rvJkQm2+uGVmYOsBiQU3pDKlKZIr6l0sKthvf uhizgYySiJ6WzaVx97ZYRsfCln4Uh5+jgK4dE6zwEgwvROJLJfkpJiHXHQmXVxwSv3oz Cg==
Received: from nam12-mw2-obe.outbound.protection.outlook.com (mail-mw2nam12lp2040.outbound.protection.outlook.com [104.47.66.40]) by m0001303.ppops.net (PPS) with ESMTPS id 3wxn3gn05s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 Mar 2024 20:56:18 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aBJYEk9YWuBY1DkiQTWYFNGmlIoA3qed/RGCbq/k1OHIOi8pytf4M29XvhwCH3xMO+J4j+rpJ4MPOrWwryAqCTyel12yodrDNY7Kc0CjB2dLKJV9+OIkb7JsYGJ2dP0CjrCK3N8BaXNFyNJe5We3tqVdRZSgJFqfuhw3EPudARxexzpptLnDtZPwQuB5qI3sStoVoCin/0KRY7ajyaBX6UW8/YhI5q0183yoQnCDtNLm65y3BG5gZbEgvSdD/Y5+4b3oQoNE0EzMAWgO+42UsU8ytIkMYg6vh43pPSzA3+bMNTopuzNdAbzzZFUQolDP+fxgpuB5F8uk34UbG/n3hQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YVgcaoeHdH4W2kRDgidwiEee83/kP3VqVdDUOq2k30o=; b=O7Lam+lU/fipQYddH7SFym2PR6gMtjg6Iy/S9HWew4ZpNx9a4Zy2YxtM5ceREgxCRRch0I/5MKTkhYUd/VxQJK2vhu2NAWyUDJqkW8LQFypalAeWKU0QQ9zdsN5hI1f0AKCCpKAbM/NeuooI4SIkVrX8d4nHRfHAkiLLgwYZglgI+/omOV6uRP0WMiSMTbXRNxM9NytSs7B52jZB3AnqHfKXRcsQ8J8SmrAbMRrpebQjl/zaxjw2tCrDgArU3O1eI0wPcjMx7vu22TrbVJiW3x7/M+0tDAEKqtcY6ciMNFu9dmsl7hePSeIY6FDPSsEIm3upaHrY/fXQGUTmyVy2bg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meta.com; dmarc=pass action=none header.from=meta.com; dkim=pass header.d=meta.com; arc=none
Received: from SA1PR15MB4370.namprd15.prod.outlook.com (2603:10b6:806:191::8) by SJ0PR15MB5279.namprd15.prod.outlook.com (2603:10b6:a03:42e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.26; Tue, 19 Mar 2024 03:56:16 +0000
Received: from SA1PR15MB4370.namprd15.prod.outlook.com ([fe80::50:3dc9:3ace:9a3a]) by SA1PR15MB4370.namprd15.prod.outlook.com ([fe80::50:3dc9:3ace:9a3a%5]) with mapi id 15.20.7386.025; Tue, 19 Mar 2024 03:56:16 +0000
From: Ben Schwartz <bemasc@meta.com>
To: John Levine <johnl@taugh.com>, "dd@ietf.org" <dd@ietf.org>
Thread-Topic: [dd] DBOUND scope
Thread-Index: AQHaeaXm9VM6f9xyK0uG9z/AJn7YxrE+ZTQAgAAB9+Y=
Date: Tue, 19 Mar 2024 03:56:16 +0000
Message-ID: <SA1PR15MB437061A5E3C4AE859BCEAADCB32C2@SA1PR15MB4370.namprd15.prod.outlook.com>
References: <MW4PR15MB437960E4E89D3EDFE8818665B32C2@MW4PR15MB4379.namprd15.prod.outlook.com> <20240319031928.B1A1785A7367@ary.qy>
In-Reply-To: <20240319031928.B1A1785A7367@ary.qy>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA1PR15MB4370:EE_|SJ0PR15MB5279:EE_
x-fb-source: Internal
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: KH2ixpuUp2sPn70mtnzM0IL4xF46hj9k0XLii4kEhC5+J/j9zJohnnrVAnt/WhPOYz/+FKKLv5hYAZNUBCXZcPrfvVjcML5iTIMBEC33ZiPU7m3QzWl6ECOOFHgBGOXu0krXZUC/6dqVUHvzNbT7Oj/GGFvKjeWszQ9d4uPmH7j30nMMY8ZWeEKN0mL+qqgX3TIB1OId63a3j6HCaENcjjEdsFhI2aJAP6aUaer1WIOCe9/WGueFNdfU9IgYWNBbxgz8NOoAHPj1lxNQQjue17aUkxfXmymy0X/Aor7c1UJYCi3iway/qILHiHg7bTmKyPAorxQeaXMNIRt8Tbj2xRipZGFdMKTWM4RSbcrCaH9RfucoKY7PiMJs7B29a0/SVEODgUuw6A07L0sSeCTRj2rLbBDp6n7Kampsenc1AZ3CCTsMZR5CjxybfzG2tYoYdAIpyD41cBAxS0QpwPhtFoIlqbaJPkSMOJflrEtLM61z5b88xMWObETeyK4HdOLJQiV/ScCYkmdb16Lub+IZYe6UxF5ofjZOAwf4IDx09LGOkg2Q56rzDGSAU8LMDoS+elu9FmN+0hhqOl9j3innkC/2nk4PCuIdEfqAuGPjJyM=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA1PR15MB4370.namprd15.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376005)(1800799015)(366007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Acw3WFEL36XNAbKbwPjzW0rbCUN2ReoZGIiUxi9IW1rrCyGVdHzaCtTWo486LMsyWrrnZpNEtGODjtbEJTvIaleMYgXFIPc7iyapR0aay+4HrFHt4aE1tLYtXtWqXbrJ+TBgZ232d25asnNfh6uXPot0bVWEBSu5WwPkUs/AdL3JRNgsi9oXqpRab8EwHwvTr/TMlpawJ6H19txtFZ5ofTIu2znJO4u466Zg+74t/xHJwS1srrQJNhfpTm3UFuq/u9/tCWXsCUjcc6jBJI+UpOi49yUD4zCVM+63v0go9tn1LxOQhWAFtZ8Aevelgskzwp45FzZIX7p3zK0Es1JFul9Z8O05jdVcoyzNN2sjPfpfDc72hXgcQdxMRC5XpybT2JoD2ALV77APWArqoB4dY+oGGVUU9JXTocXZ7Q3PHZclVvbZ7aOuRhpip5lnsABWVq+f1wL1TxQyeMsOlTLKyajM1GFpErwFulv+hKgk5ANWP93ioLynnacfKzaaWZZfeFEs0pzlR78FMcTThhqeQnV/aOOb8xPoJo6q7CleKRjmW8GfOpThbkEtCR0h2LLWBfSTjkhQcTIxg6dKuYwZ0wCfW6gUubvxhuYBLKKZ+dSIWfUcN7QRVgxsnthX49HSP0tcLz9Jft3q6YxoVUkMIgW12iLvkEX9PmKTlD9qfHTSyy3JQawpEQJ2V03NJk1NgyQsDzpgz3FOObqD45b/rUGxb8o0FAu2nR+VQ3FYCAUlRnnZ43x9HcYpUqW2Wn22MGqIP401qNTrwVLiTUlTdWcLDsjjJDo3guhfDRURlxcZGGS59W895x+0kgM/5FAYMhwwV9O8lDA6T17hon9+Yrm1H/qoeXwnS/CVe2n2PwyPLGloQpKz1WOeqSB0pHTJE+m7QwrNk67BWXNdgsm5hmZ50S+gIVQ5rQHBlUpL00sRcWY1iolZ1Hzn74r1OqfrywK/Fr0YOKhZU58deFc126pQfEtrq18KfsNGqKJDRlgMMS/ktWTDKgAy80UZUL50obUKi8MMVPpP9BTrk+Uh0EjiL+ZsVs5PUp/4EYCRp079x+5hNDc0S8owNu99kcLnKXYhJ7j0W7Y0+kxq8fTSD3evDwn3l8cmQZatGXhpgk9s0YD+oEItvr316Ejyz/xdJYU43uMNbO1lJC+pifAIkDBVY3NSvjaKRVC8jCsK/At/gHl5vnRDQVcDAekoSVa/WAyh8jKpku6CQZ422fsYtwz+8FI5n/S3nQuIXbiUqzTkp/qAkROFJe2DgS71i2+vgvacao9pjhaVzUjt+M9gAg8o3R1UksZ8CGVM4JzRdEpy9mOMHvAFLXR75S4v79EKVmtTdafaAiHsb6I4IYpSBxb1qh7srVyYFwKp8uiNjwlDrdOxKIzLjBNaGN0p7ghRDQbWw9VWeP0ZWD5/s2dvoRe9fS8bb4nmlpITlxwBtUp5mPWVCgtLQiA5vLXy+gKZNhMJeskAQ6PaHewAZPqnB/Ytdbl0p2t2nEuTO27HS1uxV9C9Jdm0iZMxdQ54UtcaiqCYnlw+i9MeKTvvn9MiP/2CBzJsL6gqB+oNHPM7W27CzdXb1Z2fkgq5JaVO4wEBlzWXC/8Y8Jqu4QWA9FN0Vjn+kJbNXVyqKob2w9Y4gfU=
Content-Type: multipart/alternative; boundary="_000_SA1PR15MB437061A5E3C4AE859BCEAADCB32C2SA1PR15MB4370namp_"
X-OriginatorOrg: meta.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR15MB4370.namprd15.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bc6d6658-ff62-469c-9e54-08dc47c886d6
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Mar 2024 03:56:16.0680 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dVS9gm/sleGgvG6FG1GHeW/s9ODi6+bftPFvwmQ2VihOf6mWjSxka5s1TCNIrmS8
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR15MB5279
X-Proofpoint-ORIG-GUID: 1hqxC5MFGXSRiGYQvRof2-Q9bOkG5lK7
X-Proofpoint-GUID: 1hqxC5MFGXSRiGYQvRof2-Q9bOkG5lK7
X-Proofpoint-UnRewURL: 4 URL's were un-rewritten
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-18_12,2024-03-18_03,2023-05-22_02
Archived-At: <https://mailarchive.ietf.org/arch/msg/dd/AIVC9wJt03jz3kcILVoAB3urIu8>
Subject: Re: [dd] DBOUND scope
X-BeenThere: dd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DNS Delegation <dd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dd>, <mailto:dd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dd/>
List-Post: <mailto:dd@ietf.org>
List-Help: <mailto:dd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dd>, <mailto:dd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2024 03:56:24 -0000

> Where would this appear in http://www.example.com?  Or widget.sales.example.com? The way you use the PSL is to walk up the
> tree until you find the boundary. Or are you saying your cache will do
> this tree walk for you and put the results in the EDNS?  Yuck.

In the simplest implementation, the cache would simply include all the DELEG records appearing within the QNAME.  A DELEG-aware resolver needs to acquire these records anyway during resolution, so this is not asking the resolver to perform any additional resolution work.

>>It's true that further delegations down the tree could set the "registry" flag disingenuously.  That's not a problem: the client is only interested
>>in the "topmost registrable domain", and would ignore any indications from further down the tree.

> If you look at the PSL, that doesn't work. There are real cases like
> uk.com where there is one registry underneath another. It is not a bug
> that the entries in the PSL are manually reviewed to see that they're
> plausible.

I'm not saying we can get rid of manual curation processes.  I do think we can construct a few mechanical processes that cover the most common PSL use cases most of the time, reducing manual curation work to exceptions and edge cases.  There may even be some clients whose needs are met by purely mechanical metadata checks, with little or no manual intervention.

> This is hard.  Let's not get DELEG stuck in this swamp of a side show.

I agree!  We should ship DELEG before attempting this.  But also, we should try to structure DELEG so that it can be extended to support this later.  Right now, I think we're on track for that anyway.

v2.39.1 | Report a Bug | By Email | System Status