Re: [dd] [Ext] Desired extensions to today's DNS delegation?
Paul Wouters <paul@nohats.ca> Thu, 08 February 2024 15:55 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dd@ietfa.amsl.com
Delivered-To: dd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2773BC14F617 for <dd@ietfa.amsl.com>; Thu, 8 Feb 2024 07:55:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Za3Juc_R6HxD for <dd@ietfa.amsl.com>; Thu, 8 Feb 2024 07:55:36 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AD3EC14F61D for <dd@ietf.org>; Thu, 8 Feb 2024 07:55:35 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4TW1m54dXTz3Ml; Thu, 8 Feb 2024 16:55:33 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1707407733; bh=HoWmwnw031E+pJj6ZCG8bB16fFGD7NwxNGBkTWsAkBQ=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=MJwDpu3QSlhwM/yz+bY/+5gB62nZJxmlREMHdBAk6JVacx/mS7PcyrXGDKjkfbSuA wadnidbDGFhS5SkGqyLmSFrjCLn0TU9U5YDxCTbyUOk7zWNyEa6qesgdg7RkujBopY 7e4Wm6v6Yg+swQQWPn4+dq0DyMQZvzKdHHxx3er4=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 4C6_eUvY1dr1; Thu, 8 Feb 2024 16:55:32 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 8 Feb 2024 16:55:32 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 529A3111A27E; Thu, 8 Feb 2024 10:55:31 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 4FC80111A27D; Thu, 8 Feb 2024 10:55:31 -0500 (EST)
Date: Thu, 08 Feb 2024 10:55:31 -0500
From: Paul Wouters <paul@nohats.ca>
To: Paul Hoffman <paul.hoffman@icann.org>
cc: "dd@ietf.org" <dd@ietf.org>
In-Reply-To: <4E8ECD82-586C-4C2A-ABB9-2071681D62C6@icann.org>
Message-ID: <18893980-6dd5-2e5f-06dc-d375533bcd44@nohats.ca>
References: <B7E6F8FD-0B14-41BF-BFE0-5CF2FEB576E9@icann.org> <4E8ECD82-586C-4C2A-ABB9-2071681D62C6@icann.org>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dd/uIRqkqBord6WZSqwthRKoc8Nk40>
Subject: Re: [dd] [Ext] Desired extensions to today's DNS delegation?
X-BeenThere: dd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DNS Delegation <dd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dd>, <mailto:dd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dd/>
List-Post: <mailto:dd@ietf.org>
List-Help: <mailto:dd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dd>, <mailto:dd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2024 15:55:41 -0000
On Thu, 8 Feb 2024, Paul Hoffman wrote: >> It's not clear to what extent this is related to DNS delegations at all (see draft-sullivan-dbound-problem-statement-02 Section 2) -- but perhaps it may be worth thinking about it for a little (even if only to declare it out of scope). > > That's a good addition to the list. Note that this informal list is just possibilities, not definitive. Personally, I'd be happy if people here investigated DBOUND and PSL ideas to see if they might apply. I generalized this a bit in my draft email yesterday: - signed statements of child zone policies or properties mapped into parent record (think dnskey flags). You also had in your list: > - Signed NS and glue records: Greater assurance for validating resolvers of information they receive currently I think you mean "signed delegation pointer to delegation material". Eg I don't think you mean actually signing the current NS/glue at the parent by the parent? Other items I have: - A usuable method to kickstart and/or update the alias method purely in DNS (think CDS/CSYNC like), avoiding RRR-model issues and delays. - A controversial one, that might be impossible, but would be cool to have so would like the WG to think about it. If we could see multiple DNS hosters for the child (each with NS/DS like records), and if one DNS hoster gives a non-existent result, to try the other DNS hoster. This would help people that feed (eg via REST API) zone updates to multiple DNS hosters, in case one of them fails in various different ways. - Another accidental feature or bug is if the parent contains enough information that looking up the child isn't even neccessary anymore. eg this is almost like serving without a zone cut. (eg if you have A/AAAA/MX of apex, perhaps you don't need anything else from a real child zone). Similar to the .de deployment options. Paul
- [dd] Desired extensions to today's DNS delegation? Paul Hoffman
- Re: [dd] Desired extensions to today's DNS delega… Peter Thomassen
- Re: [dd] Desired extensions to today's DNS delega… Brian Dickson
- Re: [dd] Desired extensions to today's DNS delega… Grant Taylor
- Re: [dd] Desired extensions to today's DNS delega… Geoff Huston
- Re: [dd] [Ext] Desired extensions to today's DNS … Paul Hoffman
- Re: [dd] [Ext] Desired extensions to today's DNS … Paul Wouters
- Re: [dd] [Ext] Desired extensions to today's DNS … Paul Hoffman
- Re: [dd] Desired extensions to today's DNS delega… Blacka, David
- Re: [dd] [Ext] Desired extensions to today's DNS … Paul Hoffman
- Re: [dd] Desired extensions to today's DNS delega… Roy Arends
- Re: [dd] [Ext] Desired extensions to today's DNS … Blacka, David
- Re: [dd] [Ext] Desired extensions to today's DNS … Blacka, David
- Re: [dd] [Ext] Desired extensions to today's DNS … Manu Bretelle
- Re: [dd] [Ext] Desired extensions to today's DNS … Paul Hoffman
- Re: [dd] [Ext] Desired extensions to today's DNS … Paul Hoffman