Re: [dnsext] Empty AA=0 AD=1 answers to AAAA queries: your thoughts pls
bert hubert <bert.hubert@netherlabs.nl> Sat, 20 December 2014 14:41 UTC

On Sun, Dec 21, 2014 at 01:25:06AM +1100, Mark Andrews wrote:
> > I have a question if I am right in concluding something is a protocol
> > violation, and if we should reward it by papering it over or (finally)
> > concluding that enough is enough.
>
> I've been thinking for a long time that enough is enough. Named tried
> to reject all non referral "aa=0" from supposedly authoritative servers
> a while back and we had to reverse the change. While pandora.tv has
> fixed the aa=0 issue they still return malformed answers.

What about if (say) ISC, NLNetlabs, Nominum, PowerDNS and Google DNS say
"enough is enough"?

Because right now, the dynamics we all know are "yeah but you must fix it
since it works on X" (where X isn't you). If we had a nice manifesto to
point to, we could make this stick.

I estimate that >25% of the PowerDNS recursor now consists of "stuff we have
to do because the internet sucks". The horrible thing is that every
workaround we add increases the chance we break legitimate things, or open
ourselves up to attacks that make good use of our willingness to bend things
to make them work.

> Personally I would like to take a stand. Whether we can convince others
> is another matter.

Benno, Wilmer, Ted, Kumar, what do you think? We could coordinate off-list
perhaps?

Bert