[dnsext] bitmap inference was Re: ... - NXDOMAIN for emptynon-terminals

Edward Lewis <Ed.Lewis@neustar.biz> Tue, 29 March 2011 17:36 UTC

Message-Id: <a06240800c9b7c543104f@[10.31.200.119]>
In-Reply-To: <3B987BF13718424BBA818C248C428E64@local>
References: <alpine.LSU.2.00.1103281507410.5244@hermes-1.csi.cam.ac.uk> <8EA8D1A36B8F4968ABE973C39CA5E0E0@local> <a06240800c9b78d52751f@[10.31.200.116]> <FCB25297BFF0419692724D36AF3BC99E@local> <a06240804c9b79c870558@[10.31.200.119]> <55128075215341BD92DCAAD00450FA85@local> <a06240809c9b7b7143e51@[10.31.200.119]> <3B987BF13718424BBA818C248C428E64@local>
Date: Tue, 29 Mar 2011 13:28:26 -0400
To: George Barwood <george.barwood@blueyonder.co.uk>
From: Edward Lewis <Ed.Lewis@neustar.biz>
Cc: Edward Lewis <Ed.Lewis@neustar.biz>, dnsext@ietf.org
Subject: [dnsext] bitmap inference was Re: ... - NXDOMAIN for emptynon-terminals

At 18:16 +0100 3/29/11, George Barwood wrote:

>What I'm saying is that an NSEC bitmap tells a client the complete set
>of types that don't exist for a domain,

That's wrong.  The bitmap presents information signed by the 
authority demonstrating that the type you requested does not exist at 
the name.

The way it is supposed to work is - you ask for fqdn.tld. A record. 
The response comes back with an empty answer section and an SOA and 
NSEC/3 in the authority demonstrating that the requested type is not 
there.

The tradeoff here is that the NSEC can be replayed to deny the 
existence of another type to save having to manage multiple NSEC 
records for a name.

I'm not going to debate the tradeoff.  Obviously there are two sides 
to the story, and whether there is a gain in reducing the number of 
NSEC/3's to manage.  But I am against changing the specification to 
close off the debate.

If the specifications are changed, the net result is giving more 
authority to the caches and taking the debate away from the 
authoritative portion of the system.  That is why I resist extending 
the inferences based on NSEC/3 bitmaps.

The subject line was NXDOMAIN.  I'm not talking about that.  We 
already carefully considered that in the development of DNSSEC and 
have the results documented.
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Me to infant son: "Waah! Waah! Is that all you can say?  Waah?"
Son: "Waah!"
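The NODATA exchange the message describes (empty answer, SOA plus NSEC in the authority section, requested type absent from the NSEC type bitmap) can be made concrete with a small validator-side check. The following is an added example written for this archive page, not code from the list discussion or from any DNS implementation. It encodes and decodes the NSEC type bitmap wire format of RFC 4034 section 4.1.2 and applies the NODATA rule of RFC 4035 section 5.4 (NSEC owner equals the query name; neither the queried type nor CNAME is set). The names `fqdn.tld.`, the type subset in `TYPE_NUMBERS` and the sample record are constructed for illustration.

```python
"""Added example: NSEC type bitmap encoding/decoding and the NODATA proof
check a DNSSEC validator applies.  Illustrative code for this archive page;
the sample record, names and type subset below are constructed."""

# Constructed subset of the IANA RR type registry, enough for the example.
TYPE_NUMBERS = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "MX": 15, "TXT": 16,
                "AAAA": 28, "RRSIG": 46, "NSEC": 47, "DNSKEY": 48}
TYPE_NAMES = {v: k for k, v in TYPE_NUMBERS.items()}


def encode_type_bitmap(types):
    """Encode a set of RR type numbers into NSEC window-block wire format:
    one (window, length, bitmap) triple per 256-type window, windows ascending,
    bit 0 of the bitmap being the most significant bit of the first byte."""
    windows = {}
    for t in types:
        if not 0 <= t <= 65535:
            raise ValueError("bad type number %r" % (t,))
        windows.setdefault(t >> 8, set()).add(t & 0xFF)
    out = bytearray()
    for win in sorted(windows):
        low = windows[win]
        length = max(low) // 8 + 1          # bytes needed up to the highest bit
        bits = bytearray(length)
        for lo in low:
            bits[lo // 8] |= 0x80 >> (lo % 8)
        out += bytes([win, length]) + bits
    return bytes(out)


def decode_type_bitmap(wire):
    """Decode wire bytes into the set of type numbers the bitmap asserts exist
    at the NSEC owner name.  Malformed blocks (length outside 1..32, truncated
    data) raise ValueError rather than being silently skipped."""
    types = set()
    i = 0
    while i < len(wire):
        if i + 2 > len(wire):
            raise ValueError("truncated window header")
        win, length = wire[i], wire[i + 1]
        if not 1 <= length <= 32:
            raise ValueError("bitmap length %d out of range" % length)
        block = wire[i + 2:i + 2 + length]
        if len(block) != length:
            raise ValueError("truncated bitmap block")
        for byte_index, byte in enumerate(block):
            for bit in range(8):
                if byte & (0x80 >> bit):
                    types.add((win << 8) | (byte_index * 8 + bit))
        i += 2 + length
    return types


def nodata_proven(nsec_owner, nsec_types, qname, qtype):
    """RFC 4035 section 5.4 NODATA check for a single NSEC record.

    The NSEC must be owned by the query name itself, and neither the
    requested type nor CNAME may appear in its bitmap.  The rule is purely
    mechanical: any type absent from the bitmap is denied by the same
    record, which is the property the list thread is arguing about."""
    if nsec_owner.lower() != qname.lower():
        return False
    if qtype in nsec_types or TYPE_NUMBERS["CNAME"] in nsec_types:
        return False
    return True


# Constructed sample: the NSEC for fqdn.tld. lists these types as present.
SAMPLE_TYPES = {TYPE_NUMBERS[n] for n in
                ("A", "NS", "SOA", "MX", "AAAA", "RRSIG", "NSEC", "DNSKEY")}
SAMPLE_NSEC_WIRE = encode_type_bitmap(SAMPLE_TYPES)


def describe(owner, wire):
    """Human-readable view of a decoded bitmap, as a zone file would show it."""
    names = sorted(decode_type_bitmap(wire))
    return "%s NSEC ... %s" % (
        owner, " ".join(TYPE_NAMES.get(t, "TYPE%d" % t) for t in names))


if __name__ == "__main__":
    print(describe("fqdn.tld.", SAMPLE_NSEC_WIRE))
    for qt in ("A", "TXT"):
        ok = nodata_proven("fqdn.tld.", decode_type_bitmap(SAMPLE_NSEC_WIRE),
                           "fqdn.tld.", TYPE_NUMBERS[qt])
        print("NODATA proof for fqdn.tld. %s: %s" % (qt, ok))
```

The check returns True for any type the bitmap omits (TXT in the sample) and False for a type it lists (A), for a different owner name, or when CNAME is set; the strict owner-name comparison is what keeps the proof confined to the one name the authority signed for. Whether a resolver cache may reuse a stored NSEC to answer a later query for a different type at that name, rather than asking the authority again, is exactly the policy question the thread leaves open; the code above only shows that the record itself carries enough to do so.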