Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-terminal nodes
Sam Trenholme <strenholme.usenet@gmail.com> Sat, 23 April 2011 22:33 UTC
To: "John R. Levine" <johnl@iecc.com>
Cc: dnsext@ietf.org

[John: Sorry about giving you two copies of this email]

> the wrongness of returning NXDOMAIN for an
> empty node with other nodes below it

[citation needed]. In other words, accusations of RFC non-compliance need to quote chapter and verse of the relevant RFC or are invalid.

> By the way, telling people "you're wrong, change it because it's hard for me
> to fix" is rarely a winning strategy

That's not what I said. I said that Paul Vixie once said that the opposite behavior was the correct behavior [1], so it was reasonable for DNS implementers in the 2000s to feel the opposite behavior was correct. And, indeed, there are at least two DNS implementers which did precisely that.

I do feel that, in light of the fact that ip6.arpa can be very sparse, it would be helpful to have a DNS server be able to say "not only does this node not exist, but all child nodes also do not exist". [2] But doing it in a way that breaks the existing internet and has security problems [3] is, IMHO, not a good idea.

- Sam

[1] http://groups.google.com/group/comp.protocols.dns.std/msg/69e4500e7b7d73c8

[2] Actually, on second thought, I have promised a friend that I would implement a simple DNS server that would convert all queries in the form "0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.ip6.arpa PTR" into answers like "ip6.fedc-ba98-7654-3210-fedc-ba98-7654-3210.example.com" (and, correspondingly, convert AAAA queries for "ip6.fedc-ba98-7654-3210-fedc-ba98-7654-3210.example.com" into "fedc:ba98:7654:3210:fedc:ba98:7654:3210"), so ip6.arpa does not necessarily have to be sparse.

[3] http://marc.info/?l=djbdns&m=130141880325287&w=1 and http://www.ietf.org/mail-archive/web/dnsext/current/msg11101.html
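
The interaction discussed in the message above, as an added example that is not part of the original email or of MaraDNS: an authoritative server that answers NXDOMAIN for an empty non-terminal, queried through a cache that reads NXDOMAIN as covering every child name. The zone contents, function names and the cache class are constructed for illustration, and the query type is ignored.

```python
NOERROR, NXDOMAIN = "NOERROR", "NXDOMAIN"

# Constructed zone: b.example.com owns no records but has a child below it,
# so it is an empty non-terminal node.
ZONE = {
    "example.com": {"SOA", "NS"},
    "a.b.example.com": {"A"},
}

def is_empty_non_terminal(name, zone=ZONE):
    """True when name owns no records but some owner name sits below it."""
    return name not in zone and any(o.endswith("." + name) for o in zone)

def authoritative_rcode(name, zone=ZONE, ent_is_nxdomain=False):
    """RCODE an authoritative server gives for name.

    ent_is_nxdomain=True models the behaviour the message says at least
    two implementations chose: NXDOMAIN for an empty non-terminal.
    """
    if name in zone:
        return NOERROR
    if is_empty_non_terminal(name, zone):
        return NXDOMAIN if ent_is_nxdomain else NOERROR  # NOERROR, empty answer
    return NXDOMAIN

class SubtreeDenyingCache:
    """Cache that reads NXDOMAIN as "this name and all children do not exist"."""
    def __init__(self):
        self.denied = set()

    def lookup(self, name, server):
        labels = name.split(".")
        # A cached NXDOMAIN at the name or at any ancestor answers the query.
        for i in range(len(labels)):
            if ".".join(labels[i:]) in self.denied:
                return NXDOMAIN
        rcode = server(name)
        if rcode == NXDOMAIN:
            self.denied.add(name)
        return rcode

def child_after_parent_query(ent_is_nxdomain):
    """Query the empty non-terminal first, then the real child beneath it."""
    cache = SubtreeDenyingCache()
    server = lambda n: authoritative_rcode(n, ent_is_nxdomain=ent_is_nxdomain)
    cache.lookup("b.example.com", server)
    return cache.lookup("a.b.example.com", server)
```

With `ent_is_nxdomain=True` the second lookup is answered from the cache as NXDOMAIN even though `a.b.example.com` has an A record in the zone.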
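
The name mapping described in footnote [2] of the message above, as an added example that is not the author's server code: a full 32-nibble ip6.arpa name is turned into the synthesized host name, and that host name is turned back into the address for an AAAA answer. The function names are hypothetical, `example.com` is the placeholder domain used in the message, and returning `None` for malformed or shorter names is an assumption of this sketch.

```python
SUFFIX = "example.com"        # placeholder domain used in the message
ARPA = ".ip6.arpa"
HEX = set("0123456789abcdef")

def ptr_to_hostname(qname):
    """Map a complete ip6.arpa reverse name to the synthesized PTR target.

    Returns None unless the name has exactly 32 single-hex-digit labels;
    shorter names are the non-terminal nodes of the reverse tree.
    """
    qname = qname.lower().rstrip(".")
    if not qname.endswith(ARPA):
        return None
    nibbles = qname[:-len(ARPA)].split(".")
    if len(nibbles) != 32 or any(len(n) != 1 or n not in HEX for n in nibbles):
        return None
    # ip6.arpa lists nibbles least-significant first, so reverse them.
    hexstr = "".join(reversed(nibbles))
    groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
    return "ip6." + "-".join(groups) + "." + SUFFIX

def hostname_to_aaaa(qname):
    """Map a synthesized host name back to the IPv6 address it encodes.

    Returns None unless the name is ip6.<8 groups of 4 hex digits>.SUFFIX.
    """
    qname = qname.lower().rstrip(".")
    prefix, tail = "ip6.", "." + SUFFIX
    if not (qname.startswith(prefix) and qname.endswith(tail)):
        return None
    groups = qname[len(prefix):-len(tail)].split("-")
    if len(groups) != 8:
        return None
    if any(len(g) != 4 or not set(g) <= HEX for g in groups):
        return None
    return ":".join(groups)
```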