Re: [dnsext] enough is enough

Jim Reid <jim@rfc1035.com> Sun, 21 December 2014 10:18 UTC

From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <20141221094454.GC13389@xs.powerdns.com>
Date: Sun, 21 Dec 2014 10:18:19 +0000
Message-Id: <11AD7639-D2AA-41F4-ACA4-70190E449253@rfc1035.com>
References: <20141220125805.GB20765@xs.powerdns.com> <20141220142506.C7EA12630502@rock.dv.isc.org> <A78F8417-AEA2-42BF-A7D5-96FE99DCBBBE@rfc1035.com> <20141220204337.4F47026313BC@rock.dv.isc.org> <7A31183A-CC1E-4F0A-A2EA-848B10B60A2B@insensate.co.uk> <E732A2F7-E467-4940-8A66-726FC894B4B3@frobbit.se> <20141221094454.GC13389@xs.powerdns.com>
To: bert hubert <bert.hubert@netherlabs.nl>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/NvyB788HQIt3N8y8HvJNckBB2m4
Cc: DNSEXT Group Working <dnsext@ietf.org>
Subject: Re: [dnsext] enough is enough

On 21 Dec 2014, at 09:44, bert hubert <bert.hubert@netherlabs.nl> wrote:

> This would then come with a website with further explanations, and perhaps
> even a registry of faults that has been decided we're not going to fix.

Bert, your prototype email is all very well. Of course it would be nice if there was some botnet (say) which went looking for these broken DNS servers and sent an email from the aa=0 police like the one you suggested.

However this is howling at the moon. For decades the DNS industry has been unable to get people to fix their lame delegations or get them to stop using BIND8 or to use software which does EDNS or... So an attempt along these lines to fix the aa=0 problem will be yet another Epic Fail. If DNS lameness can't be cured, contacting registrants -- assuming that was possible and it isn't -- to get software replaced surely won't succeed either.

Everyone here should already know by now that contacting registrants en masse will never produce the desired outcome. We should also know why that approach is guaranteed to fail every time. Now who was it that said “The definition of insanity is doing the same thing over and over again, but expecting different results”?

The only sensible approach to take here is to notify the vendors of the broken software and hope they do the Right Thing. If they don't, or their customers can't/won't upgrade, the rest of us just have to suck it up. 'Twas ever thus. At least the DNS developer community is small and fairly easy to reach.

BTW, your Subject: header is appropriate. There's been more than enough discussion of this deeply flawed approach to fixing the aa=0 problem.