Re: [dmarc-ietf] Draft 10 notes: NXDOMAIN

"Murray S. Kucherawy" <superuser@gmail.com> Tue, 28 June 2022 19:09 UTC

From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Tue, 28 Jun 2022 09:09:16 -1000
Message-ID: <CAL0qLwbHwb6mEmLbQKrZeytzQ66hJQ90oM6LpN6e86Amfibabw@mail.gmail.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>
Cc: Todd Herr <todd.herr@valimail.com>, IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gAoDKxAkynddqaBCQTGpVHotrFk>

(as participant)

Yes, that's clearly a broken implementation.

I imagine the DMARC document could say it relies on proper implementations
of 8020, but improper ones are known to be in the wild, and results are
unpredictable when these are encountered.  Given the IETF is a standards
organization, one could also argue that this is redundant or superfluous,
but it's probably also harmless.

-MSK

On Mon, Jun 27, 2022 at 2:37 PM Douglas Foster <
dougfoster.emailstandards@gmail.com> wrote:

> My testing was done more than a year ago.   My recollection is that I
> discovered it based on something in the wild, and then confirmed it with a
> locally-configured experiment.   This time I am having trouble finding
> examples.
>
> The only one I can verify is from a previous email exchange on this forum:
>
> mail.foodnetwork.com
> returns NXDOMAIN
>
> but
> _dmarc.mail.foodnetwork.com
> returns DATA for type=TXT
>
> On Mon, Jun 27, 2022 at 9:52 AM Todd Herr <todd.herr@valimail.com> wrote:
>
>> On Sun, Jun 26, 2022 at 1:27 PM Douglas Foster <
>> dougfoster.emailstandards@gmail.com> wrote:
>>
>>> Our draft references and repeats RFC 8020, which asserts that
>>>
>>> "when a DNS resolver receives a response with a response code of
>>> NXDOMAIN, it means that the domain name which is thus denied AND ALL THE
>>> NAMES UNDER IT do not exist."
>>>
>>> My testing indicates that this is not correct.   NXDOMAIN means that no
>>> resource records exist for the specified domain name.  The domain may
>>> contain subdomain nodes which may contain resource records.
>>>
>>> My testing was performed on Windows.
>>>
>>> Can someone else test this and report your results?
>>>
>>>
>> It might help further the discussion if you were to favor the rest of us
>> with the examples you used.
>>
>> Specifically, for which domain name did you query and receive an
>> NXDOMAIN response, and for which subdomain node of that domain did you
>> query and receive resource record(s) in return?
>> --
>>
>> *Todd Herr * | Technical Director, Standards and Ecosystem
>> *e:* todd.herr@valimail.com
>> *m:* 703.220.4153
>
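Added example, not part of the original thread: a small offline model of why results become unpredictable when a resolver that applies RFC 8020 to its negative cache meets an authoritative server that answers NXDOMAIN for a name that has descendants. The zone data, the `example.com` names and all function and class names are constructed for illustration; no DNS queries are sent.

```python
# Constructed zone: the parent name owns no records, a child name does.
ZONE = {("_dmarc.mail.example.com", "TXT"): ["v=DMARC1; p=none"]}

def broken_authoritative(name, rtype):
    """Non-compliant server: NXDOMAIN for a name that has descendants."""
    data = ZONE.get((name, rtype), [])
    return ("NOERROR", data) if data else ("NXDOMAIN", [])

def compliant_authoritative(name, rtype):
    """Compliant server: an empty non-terminal exists, so NOERROR/NODATA."""
    data = ZONE.get((name, rtype), [])
    exists = any(n == name or n.endswith("." + name) for n, _ in ZONE)
    return ("NOERROR", data) if exists else ("NXDOMAIN", [])

class Resolver:
    """Caching resolver; nxdomain_cut=True applies RFC 8020 to the cache."""
    def __init__(self, upstream, nxdomain_cut):
        self.upstream = upstream
        self.nxdomain_cut = nxdomain_cut
        self.denied = set()  # names cached as NXDOMAIN

    def query(self, name, rtype):
        for d in self.denied:
            if name == d or (self.nxdomain_cut and name.endswith("." + d)):
                return ("NXDOMAIN", [])  # answered from the negative cache
        rcode, data = self.upstream(name, rtype)
        if rcode == "NXDOMAIN":
            self.denied.add(name)
        return (rcode, data)

def policy_lookup(upstream, nxdomain_cut, parent_queried_first):
    """Return the rcode a DMARC policy lookup sees on a fresh resolver."""
    r = Resolver(upstream, nxdomain_cut)
    if parent_queried_first:
        r.query("mail.example.com", "A")  # any earlier lookup of the parent
    return r.query("_dmarc.mail.example.com", "TXT")[0]

if __name__ == "__main__":
    for upstream in (broken_authoritative, compliant_authoritative):
        for cut in (True, False):
            for first in (True, False):
                print(upstream.__name__, cut, first,
                      policy_lookup(upstream, cut, first))
```

With the non-compliant server, the same policy lookup succeeds or fails depending only on whether the parent name was queried earlier; with the compliant server the outcome does not depend on query order.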