[dnsext] Re: need new flag bit in EDNS, "do me no favours" (DMNF)

Paul Vixie <vixie@isc.org> Mon, 25 October 2010 16:59 UTC

From: Paul Vixie <vixie@isc.org>
To: namedroppers@ops.ietf.org
Subject: [dnsext] Re: need new flag bit in EDNS, "do me no favours" (DMNF)
In-Reply-To: Your message of "Mon, 25 Oct 2010 11:45:23 +0200." <20101025094523.GA5187@nic.fr>
References: <59023.1287939121@nsa.vix.com> <20101025094523.GA5187@nic.fr>
X-Mailer: MH-E 8.1; nil; GNU Emacs 23.1.1
Date: Mon, 25 Oct 2010 16:57:15 +0000
Message-ID: <41281.1288025835@nsa.vix.com>
List-Archive: <http://ops.ietf.org/lists/namedroppers/>

> Date: Mon, 25 Oct 2010 11:45:23 +0200
> From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
> 
> > opin?  i can write a short i-d on it before beijing.
> 
> -1. The "Do not mess with my DNS resolution" bit is the default value of
> the DNS from the beginning and changing this default value means breaking
> many assumptions. I suggest instead to add a bit "I like lies" for those
> who want to experience NXDOMAIN unauthorized replacements and so on.

while i'm not just sympathetic to that view but also passionately in love
with that view, it's not a reasonable or practical position to take.  the
internet economy recognizes first-mover advantage more often than not, and
the ISPs and ASPs who do "web error redirection" today are not going to
stop no matter what anybody says.  sometimes "web error redirection" is the
only source of revenue for an ASP, or sometimes it's the difference between
profitability or not for an ISP.  in practical terms, telling them they
should not do this and that the RFCs were the first movers is meaningless.

opt-in would have been the better design choice had events not overtaken us.
opt-out, if it's explicit and in-band, is a carve-out.  those of us who know
that we never want "web error redirection" should be able to express this in
unambiguous terms, so that ISPs and ASPs who perform "web error
redirection" can be held to account for their conscious and deliberate
choice of whether to honour our expressed preferences or not.  that's what
we can actually still accomplish, while we wait for end-to-end DNSSEC that
will drive nails into the lid of the coffin containing "web error
redirection" and similar practices.
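The two designs being argued over above (an opt-out "do me no favours" bit versus an opt-in "I like lies" bit) differ only in what a resolver does when the client expresses no preference. The following added example, which is not code from this thread or from any of its participants, builds a DNS query carrying an EDNS0 OPT pseudo-RR, reads the 16-bit flags field back out of it, and applies each policy to decide whether an NXDOMAIN-rewriting resolver may substitute an answer. The bit positions for DMNF and LIKE_LIES are assumptions made for this illustration only; the DO bit is the only flag actually defined in that field, and no such bits have been assigned.

```python
import struct

# EDNS0 flags live in the low 16 bits of the OPT RR's TTL field.
EDNS_DO = 0x8000                   # DNSSEC OK: the only real flag bit
EDNS_DMNF_HYPOTHETICAL = 0x4000    # assumed position for "do me no favours" (not assigned)
EDNS_LIKE_LIES_HYPOTHETICAL = 0x2000  # assumed position for "I like lies" (not assigned)


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype=1, edns=True, edns_flags=0, udp_size=4096):
    """Build a recursion-desired query; optionally append an OPT RR in the additional section."""
    arcount = 1 if edns else 0
    header = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, arcount)
    question = encode_name(qname) + struct.pack(">HH", qtype, 1)
    if not edns:
        return header + question
    # OPT RR: NAME is the root, TYPE 41, CLASS carries the UDP payload size,
    # TTL carries ext-rcode(8) | version(8) | flags(16), RDLENGTH 0 (no options).
    opt = b"\x00" + struct.pack(">HHIH", 41, udp_size, edns_flags & 0xFFFF, 0)
    return header + question + opt


def skip_name(msg, off):
    """Return the offset just past the name starting at off (handles compression pointers)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_edns_flags(msg):
    """Return the 16-bit EDNS flags from the OPT RR, or None if the message carries no OPT RR."""
    qd, an, ns, ar = struct.unpack(">HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns):
        off = skip_name(msg, off)
        rdlen = struct.unpack(">H", msg[off + 8:off + 10])[0]
        off += 10 + rdlen
    for _ in range(ar):
        off = skip_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 41:
            return ttl & 0xFFFF
        off += 10 + rdlen
    return None


def resolver_may_rewrite(query, policy):
    """Decide whether a 'web error redirection' resolver may replace NXDOMAIN for this query.

    policy == "opt-out": rewrite unless the client set DMNF (the proposal in the subject line).
    policy == "opt-in":  rewrite only if the client set LIKE_LIES (the counter-proposal).
    A query with no OPT RR at all expresses no preference, so only the policy default applies.
    """
    flags = parse_edns_flags(query)
    if flags is None:
        flags = 0
    if policy == "opt-out":
        return not (flags & EDNS_DMNF_HYPOTHETICAL)
    if policy == "opt-in":
        return bool(flags & EDNS_LIKE_LIES_HYPOTHETICAL)
    raise ValueError("unknown policy: %r" % policy)


if __name__ == "__main__":
    legacy = build_query("nonexistent.example", edns=False)      # constructed sample query
    dmnf = build_query("nonexistent.example", edns_flags=EDNS_DO | EDNS_DMNF_HYPOTHETICAL)
    print("legacy client, opt-out policy:", resolver_may_rewrite(legacy, "opt-out"))
    print("legacy client, opt-in policy: ", resolver_may_rewrite(legacy, "opt-in"))
    print("DMNF client, opt-out policy:  ", resolver_may_rewrite(dmnf, "opt-out"))
```

The point the example makes concrete is the one Bortzmeyer raises: under the opt-out policy every client that predates the new bit, or that sends no OPT RR at all, is rewritten by default, whereas under opt-in those same clients keep the behaviour the DNS has always had.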