Re: [dnsext] Practical question about backwards compatibility and new proposals

Florian Weimer <fweimer@bfk.de> Fri, 17 September 2010 08:49 UTC

To: Andras Gustafsson <gson@araneus.fi>
Cc: Brian Dickson <brian.peter.dickson@gmail.com>, namedroppers@ops.ietf.org
Subject: Re: [dnsext] Practical question about backwards compatibility and new proposals
References: <AANLkTi=8Q-QZJo4Js_tUEg_WK0wDPv2rEumvMp+QfTeG@mail.gmail.com> <19601.50451.243072.792474@guava.gson.org>
From: Florian Weimer <fweimer@bfk.de>
Date: Fri, 17 Sep 2010 08:43:16 +0000
In-Reply-To: <19601.50451.243072.792474@guava.gson.org> (Andras Gustafsson's message of "Thu\, 16 Sep 2010 10\:19\:47 +0300")
Message-ID: <82y6b0wyjf.fsf@mid.bfk.de>

* Andras Gustafsson:

> RFC 3597 deals with unknown types, but I don't think the treatment
> of unexpected RRs is currently specified anywhere.  Existing
> implementations tend to ignore them when they occur in the answer
> section of a response, and may or may not cache them when they occur
> in the additional section depending on spoofing defense strategy.

Quite apparently, implementations which do not implement DNSSECbis and
still set the DO bit in queries (because they implement DNSSEC) ignore
the RRSIG records in the answer, authority, and additional sections of
responses.  I don't think other RRs would receive different treatment,
provided that the DO bit is set in the query.

-- 
Florian Weimer                <fweimer@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99