IETF Logo Mail Archive

Re: [dnsext] Fwd: New Version Notification for draft-ah-dnsext-rfc1995bis-ixfr-02

Brian Dickson <brian.peter.dickson@gmail.com> Thu, 16 June 2011 20:48 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B75111E8293 for <dnsext@ietfa.amsl.com>; Thu, 16 Jun 2011 13:48:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Level:
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HAK---Q6vpbW for <dnsext@ietfa.amsl.com>; Thu, 16 Jun 2011 13:48:22 -0700 (PDT)
Received: from mail-fx0-f44.google.com (mail-fx0-f44.google.com [209.85.161.44]) by ietfa.amsl.com (Postfix) with ESMTP id 76D7E11E8170 for <dnsext@ietf.org>; Thu, 16 Jun 2011 13:48:22 -0700 (PDT)
Received: by fxm15 with SMTP id 15so1561971fxm.31 for <dnsext@ietf.org>; Thu, 16 Jun 2011 13:48:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=2UwGkXZkV1CkO/zPzzDY69ZgRJcrEOdAubxpx0GwJ6w=; b=tTaUzRmv80BmjUZtgDhGgl4qgpjPCaCgXKoNt4JuVtA0IElIQrvUsXHO8DtpmI593l GAqXlDo/CrH1Ackdur9Ddf7Vow4QXaBqDJNj9KE7K9oLa1JcvNzhEnAdR2PCf0nLqHOt 27nNFiGz/YKaihuQarS/BQyBL4ot4KFF3PMIk=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=fG9MElr+F9UZ/mZii1zownEN2Za7hIagQ27iruhnqmZObUcBbyVurzDMh260IimLWh IRPhumrKkB2EzbvFH+z9XMxIFP30rRkXWedelvVwN1fIMoEEIXOgbL9HofLKySIOK+WE t0XfPWwOh8PIkqaqZptNikjH9i65UFuZoLyU8=
MIME-Version: 1.0
Received: by 10.223.73.133 with SMTP id q5mr1631872faj.127.1308257301486; Thu, 16 Jun 2011 13:48:21 -0700 (PDT)
Received: by 10.223.123.79 with HTTP; Thu, 16 Jun 2011 13:48:21 -0700 (PDT)
In-Reply-To: <a06240803ca1fd7525c50@10.31.201.23>
References: <4DB81069.3080404@nic.cz> <4DF9B5BD.7010900@nic.cz> <a06240803ca1fd7525c50@10.31.201.23>
Date: Thu, 16 Jun 2011 16:48:21 -0400
Message-ID: <BANLkTinjRDHyKH-tLEoejodXb2+7qQLO7w@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: Edward Lewis <Ed.Lewis@neustar.biz>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Fwd: New Version Notification for draft-ah-dnsext-rfc1995bis-ixfr-02
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2011 20:48:23 -0000

On Thu, Jun 16, 2011 at 3:22 PM, Edward Lewis <Ed.Lewis@neustar.biz> wrote:

> 2. For the first time I have thought abotu IXFR-only and I don't get it at
> all.  The reason is I don't accept that "If this is not possible, in the
> case of bare IXFR, the server falls back to AXFR, i.e. it provides the full
> zone content."
>
[snip]
>
> RFC 1995 never specifies that a failed IXFR will cause an AXFR to happen.

Actually, it does, right at the beginning of section 4. Quoting the text:

4. Response Format


   If incremental zone transfer is not available, the entire zone is
   returned.  The first and the last RR of the response is the SOA
   record of the zone.  I.e. the behavior is the same as an AXFR
   response except the query type is IXFR.


> Thinking in another vein, if a client chooses not to ever use AXFR, then
> what happens when IXFR requests can't be satisfied?  Let the zone EXPIRE?
>  Is a dead server better than a server that is taking time to sync up?
>  (This calls out the motivation for IXFR-only.)

Those fall under the scope of operator, rather than implementer, issues.
Presumably the operator will act sensibly, trying all available
sources for IXFR-ONLY,
before giving up and doing an explicit AXFR.

The need for IXFR-ONLY is the desire to have interoperable implementations.

Suggesting that non-interoperable implementations of IXFR, to support IXFR-ONLY,
goes against common sense.

It is reasonable to expect zone administrators to operate multiple
authority servers for their zones.
It is reasonable to expect that zone administrators will want to have
zones instances be identical.
It is reasonable to expect that zone administrators may want to
operate servers from multiple vendors.

When you combine "multiple vendors" with "zone instances identical",
and add in "efficient transport",
you get the requirement for inter-vendor, interoperable IXFR, quite
possibly with IXFR-ONLY as a desired
capability.

The problem is, there is no current work-around, and adding this
without -bis standardization, isn't
necessarily interoperable. Better to update the standard. It's a no-brainer.

(End of flogging of the deceased quadroped.)

Brian

v2.23.0 | Report a Bug | By Email