Re: [dnsext] WG opinion on draft : Improvements to DNS Resolvers, for Resiliency, Robustness, and Responsiveness
Andrew Sullivan <ajs@shinkuro.com> Tue, 22 February 2011 14:09 UTC
No hat.

On Mon, Feb 21, 2011 at 11:28:08PM +0000, Paul Vixie wrote:
> yes. no initiator i know of discards rrsets just due to ttl variance.
> therefore the guidance to initiators is effectively "do what BIND4
> 4.9 did" in other words treat the whole rr set as though it had the
> ttl of the lowest rr therein. if rfc 2181 does not make this clear
> then it is not providing reasonable and actionable guidance.

Well, here's the section in toto:

   5.2. TTLs of RRs in an RRSet

   Resource Records also have a time to live (TTL). It is possible for
   the RRs in an RRSet to have different TTLs. No uses for this have
   been found that cannot be better accomplished in other ways. This
   can, however, cause partial replies (not marked "truncated") from a
   caching server, where the TTLs for some but not all the RRs in the
   RRSet have expired.

   Consequently the use of differing TTLs in an RRSet is hereby
   deprecated, the TTLs of all RRs in an RRSet must be the same.

   Should a client receive a response containing RRs from an RRSet with
   differing TTLs, it should treat this as an error. If the RRSet
   concerned is from a non-authoritative source for this data, the
   client should simply ignore the RRSet, and if the values were
   required, seek to acquire them from an authoritative source. Clients
   that are configured to send all queries to one, or more, particular
   servers should treat those servers as authoritative for this
   purpose. Should an authoritative source send such a malformed RRSet,
   the client should treat the RRs for all purposes as if all TTLs in
   the RRSet had been set to the value of the lowest TTL in the RRSet.
   In no case may a server send an RRSet with TTLs not all equal.

To me, it's pretty clear (1) that having different TTL values on RRs
in the RRset is an error, (2) that you should just ignore such RRsets
if they're not authoritative, (3) that it is a protocol error to send
an RRset with different TTLs on different RRs in the set, and (4) that
any client receiving such a set should use the lowest TTL in the set
for everything.

My own view is that the requirements are crystal clear, and since RFC
2181 updates all of 1034, 1035, and 1123 I think it changes the
protocol. According to STD1, it's a Proposed Standard.

A

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.
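
Added example, not part of the original message or of any resolver's code: the RFC 2181 section 5.2 handling quoted above, written out as a cache would apply it to the records of one received answer. The `RR` type, the function names and the sample records are assumptions made for illustration, and class is taken to be IN throughout.

```python
from collections import defaultdict
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    ttl: int
    rdata: str

def group_rrsets(records):
    """Group records into RRsets keyed by (lower-cased owner name, type)."""
    sets = defaultdict(list)
    for rr in records:
        sets[(rr.name.lower().rstrip("."), rr.rtype)].append(rr)
    return dict(sets)

def apply_rfc2181_5_2(records, authoritative, configured_server=False):
    """Return (cacheable, requery) for one response.

    cacheable: {key: [RR, ...]}, every RRset carrying a single TTL.
    requery:   keys of RRsets ignored because their TTLs differed and the
               source does not count as authoritative for this purpose.
    """
    # A server the client is configured to send all queries to is treated
    # as authoritative for this purpose (section 5.2).
    trusted = authoritative or configured_server
    cacheable, requery = {}, []
    for key, rrs in group_rrsets(records).items():
        ttls = {rr.ttl for rr in rrs}
        if len(ttls) == 1:
            cacheable[key] = rrs                  # well-formed RRset
        elif trusted:
            low = min(ttls)                       # clamp to the lowest TTL
            cacheable[key] = [replace(rr, ttl=low) for rr in rrs]
        else:
            requery.append(key)                   # ignore; ask an authoritative source
    return cacheable, requery

# Constructed sample answer: the A RRset has mismatched TTLs, the AAAA one does not.
SAMPLE = [
    RR("www.example.com.", "A", 300, "192.0.2.1"),
    RR("WWW.example.com.", "A", 60, "192.0.2.2"),
    RR("www.example.com.", "AAAA", 300, "2001:db8::1"),
]

if __name__ == "__main__":
    for auth in (True, False):
        print(auth, apply_rfc2181_5_2(SAMPLE, authoritative=auth))
```

Clamping the whole set to the lowest TTL means all of its records expire from the cache together, which avoids the partial replies the section describes.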