Re: [dnsext] Empty AA=0 AD=1 answers to AAAA queries: your thoughts pls

bert hubert <bert.hubert@netherlabs.nl> Sat, 20 December 2014 14:41 UTC

Date: Sat, 20 Dec 2014 15:41:30 +0100
From: bert hubert <bert.hubert@netherlabs.nl>
To: Mark Andrews <marka@isc.org>
Message-ID: <20141220144130.GA13389@xs.powerdns.com>
References: <20141220125805.GB20765@xs.powerdns.com> <20141220142506.C7EA12630502@rock.dv.isc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20141220142506.C7EA12630502@rock.dv.isc.org>
User-Agent: Mutt/1.5.20 (2009-06-14)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/5WETi-nLQWqFyWuMJaK4UMpS8GQ
Cc: ted.lemon@nominum.com, DNSEXT Group Working <dnsext@ietf.org>
Subject: Re: [dnsext] Empty AA=0 AD=1 answers to AAAA queries: your thoughts pls
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Dec 2014 14:41:36 -0000

On Sun, Dec 21, 2014 at 01:25:06AM +1100, Mark Andrews wrote:
> > I have a question if I am right in concluding something is a protocol
> > violation, and if we should reward it by papering it over or (finally)
> > concluding that enough is enough.
> 
> I've been thinking for a long time that enough is enough.  Named tried
> to reject all non referral "aa=0" from supposedly authoritative servers
> a while back and we had to reverse the change.  While pandora.tv has
> fixed the aa=0 issue they still return malformed answers.

What about if (say) ISC, NLNetlabs, Nominum, PowerDNS and Google DNS say
"enough is enough"?  

Because right now, the dynamics we all know are "yeah but you must fix it
since it works on X" (where X isn't you).

If we had a nice manifesto to point to, we could make this stick.

I estimate that >25% of the PowerDNS recursor now consists of "stuff we have
to do because the internet sucks". 

The horrible thing is that every workaround we add increases the chance we
break legitimate things, or open ourselves up to attacks that make good use
of our willingness to bend things to make them work.

> Personally I would like to take a stand.  Whether we can convince others
> is another matter.

Benno, Wilmer, Ted, Kumar, what do you think? We could coordinate off-list
perhaps?

	Bert
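The check Mark describes above (reject every non-referral AA=0 response from a server contacted as authoritative for the name) and the case in the Subject (an empty AA=0 AD=1 answer to an AAAA query) can be made concrete with a small classifier over the wire format. The block below is an added example written for this archive page; it is not BIND or PowerDNS code. The three messages it feeds itself are constructed, the helper names (`build_message`, `parse_message`, `classify`) are assumptions for illustration, and the parser assumes one question and no OPT record, which is all the constructed samples contain.

```python
"""Classify responses from a server queried as authoritative for the qname.

Added example for the thread above, not code from any resolver project.
The wire-format messages at the bottom are constructed, not captured.
"""
import struct

TYPE_NS, TYPE_SOA, TYPE_AAAA = 2, 6, 28
# Header flag bits (RFC 1035 4.1.1, AD/CD from RFC 2535/4035)
QR, AA, RD, RA, AD = 0x8000, 0x0400, 0x0100, 0x0080, 0x0020


def encode_name(name):
    """Encode a dotted name into uncompressed wire format."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a wire-format name, following compression pointers (RFC 1035 4.1.4)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                      # 2-byte pointer, 14-bit offset
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", (end if end is not None else off)


def build_message(qname, qtype, flags, authority=()):
    """Response with one question, no answers and the given authority RRs.
    authority: iterable of (owner, rtype, rdata) with rdata already in wire form."""
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for owner, rtype, rdata in authority:
        msg += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    return msg


def parse_message(msg):
    """Parse header, question, answer and authority sections (one question assumed)."""
    _, flags, _, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    qtype = struct.unpack("!H", msg[off:off + 2])[0]
    off += 4                                       # skip qtype + qclass
    records = []
    for _ in range(an + ns):                       # answers first, then authority
        owner, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        records.append((owner, rtype, msg[off:off + rdlen]))
        off += rdlen
    return {"flags": flags, "qname": qname, "qtype": qtype,
            "answers": records[:an], "authority": records[an:]}


def is_ancestor_or_equal(zone, name):
    return zone == "." or name == zone or name.endswith("." + zone)


def classify(parsed):
    """Verdict for a response from a server we contacted as authoritative.
    Returns 'authoritative', 'referral' or 'violation'."""
    if parsed["flags"] & AA:
        return "authoritative"                     # AA=1 answer, NODATA or NXDOMAIN
    delegation = [owner for owner, rtype, _ in parsed["authority"]
                  if rtype == TYPE_NS and is_ancestor_or_equal(owner, parsed["qname"])]
    if not parsed["answers"] and delegation:
        return "referral"                          # the one legitimate AA=0 shape
    return "violation"                             # non-referral AA=0: what named tried to reject


def oddities(parsed):
    """Things worth logging even when the response is otherwise accepted."""
    notes = []
    if parsed["flags"] & AD:
        # RFC 4035 3.1.6 lets a server set AD only after judging every RRset
        # authentic; an authoritative server normally makes no such judgement.
        notes.append("AD=1 set by a server queried as authoritative")
    return notes


# Constructed samples (not captured traffic).
EMPTY_AA0_AD1 = build_message("www.example.com.", TYPE_AAAA, QR | RD | RA | AD)
NODATA_AA1 = build_message("www.example.com.", TYPE_AAAA, QR | AA | RD,
                           [("example.com.", TYPE_SOA, b"\x00" * 22)])
REFERRAL = build_message("www.sub.example.com.", TYPE_AAAA, QR | RD,
                         [("sub.example.com.", TYPE_NS, encode_name("ns1.sub.example.com."))])


def verdicts():
    return {name: classify(parse_message(m)) for name, m in
            [("empty_aa0_ad1", EMPTY_AA0_AD1), ("nodata_aa1", NODATA_AA1), ("referral", REFERRAL)]}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(name, verdict)
    print(oddities(parse_message(EMPTY_AA0_AD1)))
```

The empty AA=0 AD=1 answer from the Subject comes back as `violation` because it is neither authoritative nor a downward referral; the AA=1 NODATA with an SOA in the authority section and the AA=0 referral with an NS RRset for a child zone both pass. A resolver that drops the `violation` case is doing what Mark says named tried; whether to also act on the AD oddity is the kind of workaround decision the thread is about.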