IETF Logo Mail Archive

Re: [dnsext] Re: Building structured extensibility into EDNS0(bis)

Mark Andrews <marka@isc.org> Sun, 15 November 2009 21:29 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A2CCC3A6A11; Sun, 15 Nov 2009 13:29:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wmJK-26tI7sO; Sun, 15 Nov 2009 13:28:59 -0800 (PST)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 8774E3A6840; Sun, 15 Nov 2009 13:28:56 -0800 (PST)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1N9mVi-000I0j-NM for namedroppers-data0@psg.com; Sun, 15 Nov 2009 21:19:50 +0000
Received: from [2001:4f8:3:bb::5] (helo=farside.isc.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <marka@isc.org>) id 1N9mVc-000I0U-DN for namedroppers@ops.ietf.org; Sun, 15 Nov 2009 21:19:44 +0000
Received: from drugs.dv.isc.org (drugs.dv.isc.org [IPv6:2001:470:1f00:820:214:22ff:fed9:fbdc]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "drugs.dv.isc.org", Issuer "ISC CA" (not verified)) by farside.isc.org (Postfix) with ESMTP id 71796E6064; Sun, 15 Nov 2009 21:19:42 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.14.3/8.14.3) with ESMTP id nAFLJZvp004785; Mon, 16 Nov 2009 08:19:38 +1100 (EST) (envelope-from marka@drugs.dv.isc.org)
Message-Id: <200911152119.nAFLJZvp004785@drugs.dv.isc.org>
To: Andrew Sullivan <ajs@shinkuro.com>
Cc: namedroppers@ops.ietf.org
From: Mark Andrews <marka@isc.org>
References: <200911131105.MAA11822@TR-Sys.de> <200911131952.nADJqcCu080258@drugs.dv.isc.org> <20091113205034.GB8755@shinkuro.com>
Subject: Re: [dnsext] Re: Building structured extensibility into EDNS0(bis)
In-reply-to: Your message of "Fri, 13 Nov 2009 15:50:35 CDT." <20091113205034.GB8755@shinkuro.com>
Date: Mon, 16 Nov 2009 08:19:35 +1100
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>

In message <20091113205034.GB8755@shinkuro.com>, Andrew Sullivan writes:
> On Sat, Nov 14, 2009 at 06:52:38AM +1100, Mark Andrews wrote:
> 
> > Bump the EDNS version 
> 
> Really?  You're offering to do the work to make EDNS1 happen, and make
> it work for every mistake in EDNS0 implemations, and so on?

I know that we check the EDNS version number and return BADVERS.
That is all that you required of a EDNS0 server and it is part of
the EDNS0 spec so it should have been implemented.  Modern versions
of dig can be used to check this.

e.g.
% dig +edns=1

; <<>> DiG 9.7.0b2 <<>> +edns=1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: BADVERS, id: 29489
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS

;; Query time: 18 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 16 07:57:59 2009
;; MSG SIZE  rcvd: 28

% 
 
ATLAS does the right thing.

% dig +edns=1 @a.gtld-servers.net ftp.uu.net +norec

; <<>> DiG 9.7.0b2 <<>> +edns=1 @a.gtld-servers.net ftp.uu.net +norec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: BADVERS, id: 37488
;; flags: qr cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ftp.uu.net.                    IN      A

;; Query time: 358 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Mon Nov 16 08:10:29 2009
;; MSG SIZE  rcvd: 39

% 

Some of ORG's servers don't do the correct thing.  I've Bcc
noc@afilias-nst.info so they can take steps to make their nameservers
compliant.

% dig +edns=1 isc.org @a2.org.afilias-nst.info.
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.7.0b2 <<>> +edns=1 isc.org @a2.org.afilias-nst.info.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 60171
;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; WARNING: Messages has 8 extra bytes at end

;; Query time: 179 msec
;; SERVER: 2001:500:40::1#53(2001:500:40::1)
;; WHEN: Mon Nov 16 08:12:31 2009
;; MSG SIZE  rcvd: 21

% 

> No-hat, I say, "I worry very much about the implications."
> 
> Chair-hat, I say, "Tell me a great deal about interoperability,
> failure cases, and the draft you've written."  Where "you" denotes,
> "Everyone who wants to follow this idea," of course.
> 
> A
> 
> -- 
> Andrew Sullivan
> ajs@shinkuro.com
> Shinkuro, Inc.
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.46.0 | Report a Bug | By Email | System Status