IETF Logo Mail Archive

[dns-at-ietf] Re: managing workload within and across DNS WGs

Petr Špaček <pspacek@isc.org> Sat, 08 November 2025 11:23 UTC

Return-Path: <pspacek@isc.org>
X-Original-To: dns-at-ietf@mail2.ietf.org
Delivered-To: dns-at-ietf@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id EABD786015E8 for <dns-at-ietf@mail2.ietf.org>; Sat, 8 Nov 2025 03:23:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.399
X-Spam-Level:
X-Spam-Status: No, score=-4.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b="pwdtikwR"; dkim=pass (1024-bit key) header.d=isc.org header.b="PR1a39Xt"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ChMMpiSdaUlR for <dns-at-ietf@mail2.ietf.org>; Sat, 8 Nov 2025 03:23:27 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.2.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 4FA7286015E3 for <dns-at-ietf@ietf.org>; Sat, 8 Nov 2025 03:23:26 -0800 (PST)
Received: from zimbra10.isc.org (zimbra10.isc.org [149.20.2.90]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id CBCDA4E4031; Sat, 08 Nov 2025 11:23:25 +0000 (UTC)
ARC-Filter: OpenARC Filter v1.0.0 mx.pao1.isc.org CBCDA4E4031
Authentication-Results: mx.pao1.isc.org; arc=none smtp.remote-ip=149.20.2.90
ARC-Seal: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1762601005; cv=none; b=hIspzEdPUelsYnUN+X5BGdFXVqp4Jah1J69fwPlsmKJLmQKi2gD6kZbxB8rMJA5ao4tGoRrRySESrKT08mrIKy/l6kXG0uIWDRtZ7raEAuKi/6l/a4/5BBKJFx9bgB9Y+lTzFwoi0zb3M115l69oQhDxgx3dhE/VH8SZzZd2W9w=
ARC-Message-Signature: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1762601005; c=relaxed/relaxed; bh=mjOszpoWFlT/4h6W5ZBctSUIXawJ+PenRTlL1jTzj9Q=; h=DKIM-Signature:DKIM-Signature:Message-ID:Date:MIME-Version: Subject:To:From; b=IZvbaPLl504UnAGK346kErbYaTBRX3wmvs9EOYBF6nDyAUMHzpN+RTAwM/cLMVONeGEZUuMCpmangxMF76F0jJQOMnBpYQWxrkZiQvYnwW7aDvIaNvbqSoS3IDeGrX8k3wwss3u+35P9BwozsDfP5TxF3vOU1LzdJ2Ow4lGyytQ=
ARC-Authentication-Results: i=1; mx.pao1.isc.org
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org CBCDA4E4031
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1762601005; bh=hxRTKff66L/gq0bCu5xtNVy8QWmLfRYve1xhRRCHOU8=; h=Date:Subject:To:References:From:In-Reply-To; b=pwdtikwRZeRBB9xwq/e8TBmBnaIAq16Q1AOzJYxacuQFbX5YvKHYhTKaYNxdASIdN ncnInK439nhMtQRrBNx6749hrKeepG6LLjNuRhTVpcJE3ig4wsb6Ag+sLd/cBEaBT4 Tvb0lEj+F9Vyj/7Xs/dvjo8BkLRZSmIiwUGns9AE=
Received: from zimbra10.isc.org (localhost [127.0.0.1]) by zimbra10.isc.org (Postfix) with ESMTPS id C56262E6030D; Sat, 8 Nov 2025 11:23:25 +0000 (UTC)
Received: from zimbra10.isc.org (localhost [127.0.0.1]) by zimbra10.isc.org (Postfix) with ESMTPS id B749D2E6030F; Sat, 8 Nov 2025 11:23:25 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbra10.isc.org B749D2E6030F
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1762601005; bh=mjOszpoWFlT/4h6W5ZBctSUIXawJ+PenRTlL1jTzj9Q=; h=Message-ID:Date:MIME-Version:To:From; b=PR1a39XtlFY99G6fUo0A5weAcVZy8HFHAvL7Wyna4RSoSK9axzBnYM4s9o+3Lyqb/ RqpUi33+4ac1VniXYo2p1sNspwLGgq956r9mN+EAANmvQKzfZ/Yl1Nlrg8Ys3ADXWY qirJw+HKtWX+ZnvOF0Rtj0mT1R2F0L+naztIgbPY=
Received: from [10.0.0.107] (modemcable209.114-176-173.mc.videotron.ca [173.176.114.209]) by zimbra10.isc.org (Postfix) with ESMTPSA id 4EA382E6030D; Sat, 8 Nov 2025 11:23:25 +0000 (UTC)
Message-ID: <984e69a4-06f8-47a7-8b62-8dc2533994ff@isc.org>
Date: Sat, 08 Nov 2025 06:23:24 -0500
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: dns-at-ietf@ietf.org, Wes Hardaker <wjhns1@hardakers.net>, Shumon Huque <shuque@gmail.com>, Ondřej Surý <ondrej@sury.org>
References: <yblwm4259bs.fsf@wx.hardakers.net> <3B7B6340-D218-4992-A11A-335B0DAF6007@sury.org> <ybla50x62zj.fsf@wx.hardakers.net> <42051fc6-570f-47fe-a28e-480417a370ec@isc.org>
From: Petr Špaček <pspacek@isc.org>
Content-Language: en-US
Autocrypt: addr=pspacek@isc.org; keydata= xsFNBF/OJ/4BEAC0jP/EShRZtcI9KmzVK4IoD/GEDtcaNEEQzPt05G8xtC0P4uteXUwW8jaB CdcKIKR4eUJw3wdXXScLNlyh0i+gm5mIvKPrBYNAMOGGnkbAmMQOt9Q+TyGeTSSGiAjfvd/N nYg7L/KjVbG0sp6pAWVORMpR0oChHflzKSjvJITCGdpwagxSffU2HeWrLN7ePES6gPbtZ8HY KHUqjWZQsXLkMFw4yj8ZXuGarLwdBMB7V/9YHVkatJPjTsP8ZE723rV18iLiMvBqh4XtReEP 0vGQgiHnLnKs+reDiFy0cSOG0lpUWVGI50znu/gBuZRtTAE0LfMa0oAYaq997Y4k+na6JvHK hhaZMy82cD4YUa/xNnUPMXJjkJOBV4ghz/58GiT32lj4rdccjQO4zlvtjltjp9MTOFbRNI+I FCf9bykANotR+2BzttYKuCcred+Q7+wSDp9FQDdpUOiGnzT8oQukOuqiEh3J8hinHPGhtovH V22D0cU6T/u9mzvYoULhExPvXZglCLEuM0dACtjVsoyDkFVnTTupaPVuORgoW7nyNl0wDrII ILBqUBwzCdhQpYnyARSjx0gWSG1AQBKkk5SHQBqi1RAYC38M59SkpH0IKj+SaZbUJnuqshXh UIbY1GMHbW/GDhz7pNQFFYm2S4OPUBcmh/0O0Osma151/HjF7wARAQABzR9QZXRyIMWgcGHE jWVrIDxwc3BhY2VrQGlzYy5vcmc+wsGXBBMBCABBAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B AheAAhkBFiEEEVO2++xeDVoSYmDzq9WHzfBlga4FAmd7vqsFCQmG4S0ACgkQq9WHzfBlga5H dA//SNIJAXyYxpoIrQwtTSOded93J+CIYHd2ArxCsS+ZXzeaSkHcqp2QfneLY2yyiQwjeivu MfqEBIASNZ94T+4OjhEHAFaAUJQtYMY7qmH69Q5h1PQMk/HZX4QNEDB6dihjz4wunB2mRcac GnRziAQUAnlHSSZDU2EtTddmRYTCaeX9rU8O5ja0+qPBJket7PjS0yT8DQJF+aKRsQz17ywT 3rNR7NBgeKrkBud4/zE7VRoxSRCPkWkgixEog+AotZt22psgQTv+kWx89+7cTiFZaLMmtV6v Ws8QTpDRDM3hCJBCI6qk61k8SLuQ+5VuVWBM/ozoN1ON2J9anxVTrxhNsFM3RLHV/Qh9p/0y T4our7JxB6dsos3HtlRR2npXS1PMrrXt7ZnnfYao+9zbOrZHC7NRY3feaLhieLx1pKmdDRHT CAbqaGnqX22hYYemtYFzSAv7stCdqdncAEkZJy4HByjQwFVGn8A6rp7H1xV2LmlkNAMEoWrT GJ+wH8A+VA3qbZF9Ab8Ht2GRj3mQQ4h8NnRYjKyqecCQOI5Xmn4S61nQ9y+wOBUSTlAQ6a5n LmMpCVe2/D4pWFxpUxc1z8Hq+uEN95sPgbihiSdgBR50DRdqW57ulFHA9LKJ0AEnBtQfvVth qAkvG8iBYl+UpoX1xW+dbX2g6nI5Rbx8u+EojKXOwU0EX84n/gEQANARNXihDNc1fLNFZK5s O14Yg2TouK9eo9gGh4yLSrmZ3pjtnuJSpTWmGD4g0EYzhwWA/T+CqjUnrhsvzLQ1ECYVqLpM VqK2OJ9PhLRbx1ITd4SKO/0xvXFkUqDTIF6a5mUCXH5DzTQGSmJwcjoRv3ye+Z1lDzOKJ+Qr gDHM2WLGlSZAVGcUeD1S2Mp/FroNOjGzrFXsUhOBNMo8PSC4ap0ZgYeVBq5aiMaQex0r+uM4 45S1z5N2nkNRYlUARkfKirqQxJ4mtj5XPC/jtdaUiMzvnwcMmLAwPlDNYiU0kO5IqJFBdzmJ yjzomVk1zK9AYS/woeIxETs+s6o7qXtMGGIoMWr6pirpHk4Wgp4TS02BSTSmNzParrFxLpEU dFKq3M0IsBCVGvfNgWL2pKKQVq34fwuBhJFQAigR9B3O9mfaeejrqt73Crp0ng0+Q74+Llzj EIJLOHYTMISTJyxYzhMCQlgPkKoj+TSVkRzBZoYFkUt4OXvlFj73wkeqeF8Z1YWoOCIjwXH9 0u2lPEq0cRHHyK+KSeH1zQJ4xgj0QDGPmkvi81D13sRaaNu3uSfXEDrdYYc+TSZd2bVh2VCr xrcfzQ1uz9fsdC9NPdNd7/mHvcAaNc5e9IhNh67L54aMBkzlJi18d0sWXOOHkyLSvbHnC/OP wv7qCf69PUJmtoeHABEBAAHCwXwEGAEIACYCGwwWIQQRU7b77F4NWhJiYPOr1YfN8GWBrgUC Z3u+zwUJCYbhUQAKCRCr1YfN8GWBrmljD/45mvtqiWzATkikxkJjTlxfhJBGUFXUoPXqvo8l 8zACTTnn6/K7v1TcFmtSHtLqQiTGwwq1vGQSjEG+UFzdXohex9MTv+7JHr+fcQfxFtxYeVGn k9fSkRkIdtpUzuCnBC27VYbq5S+nk4+ophmjm7rFVWd4tz+XTFZkuHTRImWxbaF9EZ/fuWmm XaICw+lzGan9BteM1ZSLIjzSPd7LoG55SuoVtAV91J5oLPo6KDOzgPEffalm2LJo7+ZaAeW6 diQUXxQpvAAROR/l1D1DIIQ0OJOqv0QRFyHt/zBbKgWmGaTQqF5aNab4ukVAt0LMsCkCjA11 HhcUnUwrixHR4V8G3UlHTQsWReiXfPerv/BewTsPHSzIfmufNlrBDfS/uIYdwquZfhOSsK9Z DUJFkaHudJC6tRVQ5LBVFqjgtZDllpAj1cOG7WmlTwHblj/r2+LMpOVHApByNkehEOA2c4Bn tcQ/8qSeorJCyd1/5A5+bUFIfIAJbRz4Ja21JgH107oCMX3hsGEzMnuwplYTf9NP4Dq0FQhK vkXzdnDhhXef8nUqF7l32hj9x1BCLFZ4FFe6iuKD7Q9p83Ca1HDdxauIrsrXTsEr1bjg2o/A JXI4A3sUunmiIf/tu+3riXUhA10P1IG11yEQ4y9ogE6knvOraRBwZ8gvFT7J2YLXJrF5mQ==
In-Reply-To: <42051fc6-570f-47fe-a28e-480417a370ec@isc.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: E6OWBBRB6VFE22ZJLWJMPC3GIXQHHBBW
X-Message-ID-Hash: E6OWBBRB6VFE22ZJLWJMPC3GIXQHHBBW
X-MailFrom: pspacek@isc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [dns-at-ietf] Re: managing workload within and across DNS WGs
List-Id: "This list is to discuss the structure of DNS work in the IETF, and DNSOP in particular." <dns-at-ietf.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-at-ietf/vE02c72K4_sOS0IEXmgtniqt_vA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-at-ietf>
List-Help: <mailto:dns-at-ietf-request@ietf.org?subject=help>
List-Owner: <mailto:dns-at-ietf-owner@ietf.org>
List-Post: <mailto:dns-at-ietf@ietf.org>
List-Subscribe: <mailto:dns-at-ietf-join@ietf.org>
List-Unsubscribe: <mailto:dns-at-ietf-leave@ietf.org>

On 07. 11. 25 15:54, Petr Špaček wrote:
> Just from a quick glance this list problematic documents would include:
> 
> - RFC 7706: Decreasing Access Time to Root Servers by Running One on 
> Loopback (implemented differently)
> - RFC 7828: The edns-tcp-keepalive EDNS0 Option
> - RFC 7901: CHAIN Query Requests in DNS
> - RFC 8020 NXDOMAIN: There Really Is Nothing Underneath - cannot be 
> switched on
> - RFC 8094: DNS over Datagram Transport Layer Security (DTLS)
> - RFC 8145: Signaling Trust Anchor Knowledge in DNS Security Extensions 
> (DNSSEC) - implemented but data were so bad that it had to be replaced 
> with RFC 8509 shortly
> - RFC 8490: DNS Stateful Operations
> - RFC 8767: Serving Stale Data to Improve DNS Resiliency (implemented 
> differently)
> - RFC 8806: Running a Root Server Local to a Resolver (implemented 
> differently)
> - RFC 9102: TLS DNSSEC Chain Extension
> - RFC 9567: DNS Error Reporting
> 
> Obviously I did not go through list of all the RFCs every published.

This list really triggered some people and I got lots of complains, so 
lemme explain a bit:

In my view the whole purpose of RFC process is _interoperability_.

Imagine a new implementer shows up and starts _actually implementing_ 
what RFCs said. Today new entrants have a very, very bad day. Even such 
a basic protocol feature as NXDOMAIN is _still_ broken in the wild and 
whoever tried to implement RFC 8020 knows that is simply does not 
thinginteroperate on the current internet. Unbound has code for it, 
Cacheserve has it too, but both have disabled it by default because it 
does not work. (Unless you don't care about pockets of Akamai CDN, or 
Facebook, or ...). And it was way worse in November 2016 when the 
document was published.

The document admits there might be a problem but handwaves it away. Quote:
    Such name servers are definitely wrong and have always been.  Their
    behaviour is incompatible with DNSSEC.  Given the advantages of
    "NXDOMAIN cut", there is little reason to support this behavior.

Thanks IETF! That really helped me to write interoperable 
implementation! For that very reason the document fails very basic 
litmus test - "does it interoperate as described?" Hell no. The document 
is more of a political statement than standards document which actually 
interoperates.



RFC 7706/8806 story is a bit different. It does interoperate on paper, 
but no implementation bothered to actually follow what these two RFCs 
say and everyone I'm aware of implemented something else. Perhaps that 
might be taken as an indication the document should have said something 
else?


I guess we can generalize this:
When an implementer takes current work products of dnsop WG, they _need_ 
to know the oral history of the DNS to interpreted these documents 
correctly and create interoperable implementation. That is NOT how I 
would describe high quality standards documents.

Summary:
Requiring implementations before rubber stamping RFCs would improve 
quality of output. I believe at the same time it would cut down on 
amount of busy work the WG does for no tangible effect (= docs nobody 
implements).

I hope this clarifies what I'm trying to say.

-- 
Petr Špaček

v2.38.3 | Report a Bug | By Email | System Status